Upgraded Q -> H from #439 [1670433195074]

Judge has assessed an item in Issue 439 as H risk. The relevant finding follows: L02 - close should not be able to close a specific id credit line As per the docs: Can a Borrower chose to repay any debt in any order? No. The app automatically selects which credit line can be repaid using a...

PT-2024-11849 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.8-1-default Description: A crash in the slcan driver occurs due to a freed work crash. The LTP test pty03 causes this crash, resulting in a kernel NULL pointer dereference. The issue arises when the slcan's ...

PT-2024-11878 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc5 Description: A bug in the Linux kernel has been resolved, specifically in the mptcp protocol. The issue occurred when a sleeping function was called from an invalid context at close time, resulting in ...

bind: DoS from specifically crafted TCP packets

A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...

kernel: mptcp: fix race on unaccepted mptcp sockets

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...

UBUNTU-CVE-2022-3977

A use-after-free flaw was found in the Linux kernel MCTP Management Component Transport Protocol functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on...

PT-2022-6814 · Unknown +1 · Openimageio +1

Name of the Vulnerable Software and Affected Versions: OpenImageIO version 2.4.4.2 Description: Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of OpenImageIO. A specially crafted ImageOutput Object can lead to a heap buffer overflow. This issue arises when the...

kernel: mptcp: fix race on unaccepted mptcp sockets

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race on unaccepted mptcp sockets When the listener socket owning the relevant request is closed, it frees the unaccepted subflows and that causes later deletion of the paired MPTCP sockets. The mptcp socket's worker ca...

bind: DoS from specifically crafted TCP packets

A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This flaw allows a remote attacker to send specially crafted TCP strea...

Html2xhtml 缓冲区错误漏洞

Html2xhtml is a command line tool for converting HTML files to XHTML files by the individual developer Jesus Arias Fisteus. A buffer error vulnerability exists in Html2xhtml v1.3, which originates from an out-of-bounds read in the function static void elmclosetreenodet nodo in procesador.c. An...

pcs security update

0.9.169-3.0.1 - replace logo pcsd/public/favicon.ico in tarball - remove Source1 HAM-logo.png 0.9.169-3.el73.2 - Update rubygem rack - Upgrade jquery in web-ui - Resolves: rhbz2099578 rhbz2093232 0.9.169-3.el73.1 - Explicitly close libcurl connections to prevent stalled TCP connections in...

Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its Popup options, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against admins Create a New popup Insert pop-up name, title, and body text. Add a new trigger with defau...

CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

UBUNTU-CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to for example the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

lighttpd 安全漏洞

lighttpd is an open source web server developed by Jan Kneschke in Germany. A security vulnerability exists in lighttpd that originates from a denial-of-service attack that can be triggered via CLOSEWAIT / CONSTATEREADPOST...

XPDF 资源管理错误漏洞

XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A security vulnerability exists in XPDF version 4.04, which stems from a reuse-after-release issue in JBIG2Stream::close in JBIG2Stream.cc, and can be...

GSD-2022-1005531 cifs: Fix memory leak on the deferred close

cifs: Fix memory leak on the deferred close This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

CVE-2022-40280

An issue was discovered in Samsung TizenRT through 3.0GBM and 3.1PRE. createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3close after sqlite3openv2, leading to a denial of service...