CVE-2024-32985 Stellar-core's Overlay - security fix for DDoS mitigation

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online...

CVE-2022-48659 mm/slub: fix to return errno if kmalloc() fails

In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc fails In createuniqueid, kmalloc, GFPKERNEL can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUGON; kernel BUG at mm/slub.c:5893! Internal...

CVE-2022-48644 net/sched: taprio: avoid disabling offload when it was never enabled

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc-destroy gets called even if qdisc-init never succeeded, not exclusively since commit 87b60cfacf9f "netsched:...

CVE-2022-48640 bonding: fix NULL deref in bond_rr_gen_slave_id

In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bondrrgenslaveid Fix a NULL dereference of the struct bonding.rrtxcounter member because if a bond is initially created with an initial mode != zero Round Robin the memory required for the counter is...

CVE-2024-26856

In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5delmactentry Based on the static analyzis of the code it looks like when an entry from the MAC table was removed, the entry was still used after being freed. More precise the vid of th...

CVE-2024-24862

Removed by vendor...

CVE-2024-26748 usb: cdns3: fix memory double free when handle zero packet

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if request-complete 830 spinunlock&privdev-lock; 831 usbgadgetgivebackrequest&privep-endpoint, 832 request; 833 spinlock&privdev-lock; 834 835 836 if request-buf ==...

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...

CVE-2023-52499

In the Linux kernel, the following vulnerability has been resolved: powerpc/47x: Fix 47x syscall return crash Eddie reported that newer kernels were crashing during boot on his 476 FSP2 system: kernel tried to execute user page b7ee2000 - exploit attempt? uid: 0 BUG: Unable to handle kernel...

CVE-2021-46925

A flaw was found in the Linux kernel affecting the net/smc Synchronous Message Channel subsystem. This vulnerability is caused by a race condition between the smccdctxhandler and smcrelease functions and can cause kernel panics. Mitigation There are no known mitigations to the problem and Red Hat...

Exploit for Files or Directories Accessible to External Parties in Apache Struts

This is a Proof of Concept PoC for CVE-2023-50164https://nv...

XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest

Impact XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document XWiki.AdminSheet by default, everyone including unauthenticated users to execute code including Groovy code. This...

PT-2025-25992 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0 Description: The issue is related to an out-of-range error in the aq vec index in the Linux kernel's Atlantic driver. The final update statement of a for loop exceeds the array range, and the dereference ...

Buffer Overflow

libhdf5.so is vulnerable to Buffer Overflow. There is no explicit check in H5Oattrdecode to verifying that the multiplication operation didn't exceed the addressable range. The fixed code can check for overflow by dividing attr-shared-datasize by dtsize and comparing the result to dssize...

Upgraded Q -> 2 from #130 [1686726021314]

Judge has assessed an item in Issue 130 as 2 risk. The relevant finding follows: Possible Infinite Loops If the condition triggers the continue, then the loop variable does not get incremented. The condition never changes, as the same condition is checked over and over again, resulting in an...

swift-nio-http2 vulnerable to denial of service via mishandled HPACK variable length integer encoding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. It is fixed in 1.19.2 and later releases. There are a number of...

PT-2025-26155 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free UAF bug has been identified in the Linux kernel's ALSA Advanced Linux Sound Architecture component, specifically in the bcd2000 driver. This issue occurs when the driv...

Unrestricted Token Transfer and Minting

Lines of code Vulnerability details Impact An attacker could exploit this vulnerability to mint an unlimited number of tokens, potentially devaluing the token and manipulating the market. Proof of Concept: Proof of Concept --The contract allows anyone to call the onTokenTransfer function without...

curl: CVE-2023-27538: SSH connection too eager reuse still

A vulnerability CVE-2023-27538 existed in the SSH connection reuse feature of cURL library. The vulnerability allowed for connection reuse even when different SSH keys were used, due to a broken check for SSH key matching. The vulnerability could potentially lead to unauthorized access to sensiti...

Security Bulletin: A vulnerability in Open Source Apache Tomcat affects IBM FlashSystem 840, (CVE-2014-0230)

Summary There is a vulnerability in Open Source Apache Tomcat that is used by IBM FlashSystem 840 which allows remote attackers to cause a denial of service under certain scenarios. Vulnerability Details CVE-ID: CVE-2014-0230 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused...