SUSE CVE-2023-32256

A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue...

SUSE CVE-2023-32258

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2LOGOFF and SMB2CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...

kernel: ALSA: usb-audio: Cancel pending work at closing a MIDI substream

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is being released. For...

kernel: iavf: Fix reset error handling

A deadlock condition exists in the linux kernel such that when calling iavfclose in iavfresettask error handling,doing so can lead to double call of napidisable thereby leading to a denial of service due to the deadlock...

kernel: denial of service in tipc_conn_close

A data race flaw was found in the Linux kernel, between where con is allocated and con-sock is set. This issue leads to a NULL pointer dereference when accessing con-sock-sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel...

CVE-2023-1125

The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own...

PT-2023-2821 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2 LOGOFF and SMB2 CLOSE commands. The issue...

Malicious HTTP requests could close arbitrary opening file descriptors in cloud-hypervisor

...

Important: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Denial Of Service (DoS)

libOpenImageIO.so is vulnerable to Denial of Service DoS attacks. A malicious user is able to trigger uncontrolled recursion via a malicious input through FitsOutput::close function , causing the application to crash...

Broken Access Control in Vote/Friend Function

Description Unauthorized conduct by modifying, closing/re open a poll created by someone else. Delete friend of other account via id Proof of Concept Step 1: Use account 1 to create a poll\ \ account 2 not have perrmison edit/close/open on poll \ Step 2: Intercept request when account 1 edit,...

DEBIAN-CVE-2023-24472

A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability...

UBUNTU-CVE-2023-24472

A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability...

Input validation

A denial of service vulnerability exists in the FitsOutput::close functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability...

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

SUSE CVE-2007-0578

The httpopen function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service infinite loop by closing the HTTP connection early...

SUSE CVE-2010-1419

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving a certain window close...