Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A issue was discovered in ksmbd within the Linux kernel before version 6.6.10. The smb2getdataarealen function in fs/smb/server/smb2misc.c can lead to an out-of-bounds access via smbstrndupfromutf16, due to improper handling of the relationship between the Name data and the CreateContexts data...

CVE-2025-65104 Firebird: Information leak vulnerability in firebird3 client when used with newer server

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

PT-2025-51566

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue in the net/mlx5e component related to handling XDP programs and skb socket buffer generation. XDP programs can modify the layout of an xdp buff using t...

Linux Distros Unpatched Vulnerability : CVE-2024-22705

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bound...

The vulnerability of Intel Dynamic Tuning Technology (DTT) in system software drivers lies in the ability to disclose information in the erroneous data area, allowing an attacker to enhance their privileges.

The vulnerability of system software drivers related to Intel Dynamic Tuning Technology DTT involves the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Intel Alias Checking Trusted Module (Intel ACTM), a microprogramming software component for Intel 4th Generation and 5th Generation processors, allows attackers to exploit it to increase their privileges.

The vulnerability of the Intel Alias Checking Trusted Module Intel ACTM, a microprogramming software component of Intel’s 4th and 5th generation processors, relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow attackers to enhance their...

ROS-20240918-02

A vulnerability in the WebKitGTK web page display module is related to disclosure of information in an erroneous data area of data. Exploitation of the vulnerability allows an attacker acting remotely to gain access to the sensitive data...

The vulnerability of the smb2_get_data_area_len() function in the implementation of the SMB protocol server for Linux operating systems allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the smb2getdataarealen function in the fs/smb/server/smb2misc.c module of the SMB protocol server implementation in Linux operating systems is related to accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the...

The vulnerability in the avatar loading function of the OTRS application allows a violator to execute arbitrary code.

The vulnerability of the avatar loading function in the OTRS application relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code...

OESA-2024-1112 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in sendacknowledge in net/nfc/nci/spi.c.CVE-2023-46343 In the Linux kernel before 6.4.12, amdgpucswaitallfences in drivers/gpu/drm/amd/amdgpu/amdgpucs.c has a...

OESA-2024-1114 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel before 6.5.9, there is a NULL pointer dereference in sendacknowledge in net/nfc/nci/spi.c.CVE-2023-46343 In the Linux kernel before 6.4.12, amdgpucswaitallfences in drivers/gpu/drm/amd/amdgpu/amdgpucs.c has a...

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

...

SUSE CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

DEBIAN-CVE-2024-22705

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

AZL-33961 CVE-2024-22705 affecting package kernel for versions less than 5.15.148.1-1

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2getdataarealen in fs/smb/server/smb2misc.c can cause an smbstrndupfromutf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled...

The vulnerability of the Packet Forwarding Engine (PFE) in Juniper Networks’ Junos operating system, which allows a hacker to gain access to confidential data

The vulnerability of the packet forwarding engine PFE in Juniper Networks’ Junos operating system is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

PT-2024-1381

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.10 Description The issue is related to the smb2 get data area len function in the fs/smb/server/smb2misc.c file of the KSMBD file system in the Linux kernel. It is associated with an out-of-bounds access in t...

The vulnerability of the Jeecg P3 Biz Chat plugin for the WordPress content management system allows a hacker to read arbitrary files.

The vulnerability of the Jeecg P3 Biz Chat plugin for the WordPress content management system is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability could allow a malicious actor, operating remotely, to read arbitrary files...

PT-2023-6244 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: HarmonyOS affected versions not specified Description: The issue is related to a vulnerability in the Bluetooth module of the HarmonyOS operating system, which is associated with information disclosure in an error data area. It may also invol...