43 matches found

RedHat Linux
added 2025/06/17 3:20 p.m., 2 views

net/http: Request smuggling due to acceptance of invalid chunked data in net/http

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...

9.1 CVSS, 7.1 AI score, 0.00294 EPSS
Exploits 0, References 8

Positive Technologies
added 2025/06/09 12:0 a.m., 4 views

PT-2025-24579 · AMD · AMD Versal Adaptive SoC

Name of the Vulnerable Software and Affected Versions: AMD Versal Adaptive SoC devices (affected versions not specified). Description: The issue arises from the incorrect configuration of the Secure Stream Switch (SSS) during runtime, specifically after the system has booted, which could cause data to...

3.2 CVSS, 6 AI score, 0.00047 EPSS
Exploits 0, References 6

Positive Technologies
added 2025/04/27 12:0 a.m., 1 views

PT-2025-17974 · GoldenDB · GoldenDB

Name of the Vulnerable Software and Affected Versions: GoldenDB (affected versions not specified). Description: The issue is related to an information disclosure problem. Attackers can exploit error messages to obtain the system's sensitive information. Recommendations: At the moment, there is no...

7.5 CVSS, 5.8 AI score, 0.00198 EPSS
Exploits 0, References 7

SUSE CVE
added 2024/11/06 3:48 a.m., 1 views

SUSE CVE-2024-50117

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method. If a BIOS provides bad data in response to an ATIF method call, this causes a NULL pointer dereference in the caller. ? show_regs arch/x86/kernel/dumpstack.c:478 discriminator 1 ...

4.4 CVSS, 7.7 AI score, 0.00021 EPSS
Exploits 0, References 21

SUSE CVE
added 2024/05/25 3:34 a.m., 1 views

SUSE CVE-2021-47446

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a4xx: fix error handling in a4xx_gpu_init(). This code returns 1 on error instead of a negative error. It leads to an Oops in the caller. A second problem is that the check for "if (ret != -ENODATA)" cannot be true because "ret"...

5.5 CVSS, 6.6 AI score, 0.00014 EPSS
Exploits 0, References 8

OSV
added 2024/05/22 7:15 a.m., 0 views

UBUNTU-CVE-2021-47447

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a3xx: fix error handling in a3xx_gpu_init(). These error paths returned 1 on failure, instead of a negative error code. This would lead to an Oops in the caller. A second problem is that the check for "if (ret != -ENODATA)" did...

5.5 CVSS, 5.7 AI score, 0.00014 EPSS
Exploits 0, References 5

OSV
added 2024/05/17 3:15 p.m., 1 views

DEBIAN-CVE-2023-52678

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c. Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below:...

5.5 CVSS, 5.5 AI score, 0.00015 EPSS
Exploits 0, References 1

Positive Technologies
added 2023/11/08 12:0 a.m., 2 views

PT-2023-30202 · Unknown · QMI Service Module

Name of the Vulnerable Software and Affected Versions: QMI service module (affected versions not specified). Description: The issue is related to parameters being out of the value range in the QMI service module. Successful exploitation may cause errors in reading file data. Recommendations: At the...

7.5 CVSS, 6.8 AI score, 0.0016 EPSS
Exploits 0, References 5

BDU FSTEC
added 2023/10/21 12:0 a.m., 1 views

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to errors in processing input data, allows a perpetrator to cause service interruptions.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

5.3 CVSS, 7.3 AI score, 0.00048 EPSS
Exploits 0, References 4, Affected Software 2

BDU FSTEC
added 2023/10/21 12:0 a.m., 1 views

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to errors in processing input data, allows a perpetrator to cause service interruptions.

The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

5.3 CVSS, 7.3 AI score, 0.00047 EPSS
Exploits 0, References 4, Affected Software 2

Citrix
added 2023/08/23 12:0 a.m., 6 views

"Failed to convert Boot Configuration Data. The system cannot find the file specified. (0x00000002)"

Attempting to run P2pvs and get error "Failed to convert Boot Configuration Data. The system cannot find the file specified. (0x00000002)" Followed https://support.citrix.com/article/CTX202159 and still same issue...

7.1 AI score
Exploits 0

Citrix
added 2023/07/20 12:0 a.m., 30 views

VDA machines stuck at Initializing for Hybrid Azure AD join

For Citrix MCS provisioned Hybrid Azure AD joined machine catalogs, the VDA machines might be stuck at “Initializing” status after startup. And when you login to the VDA machines and execute the “dsregcmd /status /debug” command, you will find below error message under “Diagnostic Data” “Server...

7.1 AI score
Exploits 0

Prion
added 2023/04/11 6:15 p.m., 13 views

Design/Logic Flaw

An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim to open the file with the software, triggering a heap overflow and execute...

4.4 CVSS, 8 AI score, 0.00068 EPSS
Exploits 1, References 2, Affected Software 1

BDU FSTEC
added 2023/03/30 12:0 a.m., 1 views

The vulnerability of the SolarWinds Orion network monitoring software, related to the restoration of unreliable data in memory, allows an intruder to execute arbitrary commands.

The vulnerability of SolarWinds Orion network monitoring software lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.3 CVSS, 0.17228 EPSS
Exploits 0, References 3, Affected Software 1

BDU FSTEC
added 2019/10/29 12:0 a.m., 1 views

The vulnerability of the Microsoft Hyper-V Network Switch virtual programmable switch allows an attacker to gain access to protected information.

The vulnerability of the Microsoft Hyper-V Network Switch virtual programmable switch in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information through a specially created application...

7.8 CVSS, 5.5 AI score, 0.02717 EPSS
Exploits 0, References 3

OSV
added 2018/07/06 12:29 a.m., 5 views

CVE-2018-13348

The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...

7.5 CVSS, 8.4 AI score
Exploits 0, References 3

CNVD
added 2018/04/19 12:0 a.m., 11 views

Exiv2 BigTiffImage::readData Assertion Failure Vulnerability

Exiv2 is a C++ library for extracting EXIF, IPTC and XMP metadata information from images. An assertion failure security vulnerability exists in Exiv2 version 0.26 bigtiffimage.cpp/BigTiffImage::readData, which can be exploited by an attacker to cause a service interruption...

6.5 CVSS, 6.7 AI score, 0.00433 EPSS
Exploits 1, References 1

BDU FSTEC
added 2018/02/21 12:0 a.m., 2 views

The vulnerability of the microprogrammed software for Micrologix 1100 and Micrologix 1400, related to errors in managing registration data, allows a hacker to obtain user credentials.

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and Micrologix 1400 lies in the fact that user credentials are sent to the web server using the HTTP GET method. Exploiting this vulnerability allows a malicious actor to obtain users’ credentials remotely...

7.5 CVSS, 5.5 AI score, 0.03537 EPSS
Exploits 0, References 4, Affected Software 20

BDU FSTEC
added 2015/09/15 12:0 a.m., 1 views

The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server allows an intruder to bypass the passwords of unauthorized users.

The vulnerability in the web-based administration interface of Cisco TelePresence Video Communication Server software is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor to reset the passwords of arbitrary users remotely...

5.5 CVSS, 0.00596 EPSS
Exploits 0, References 2

OSV
added 2014/03/26 12:0 a.m., 0 views

UBUNTU-CVE-2014-0147

Qemu before 1.6.2 block driver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount routine...

6.2 CVSS, 6.8 AI score, 0.00121 EPSS
Exploits 1, References 4