Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

Summary Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

GHSA-Q5PP-GVJG-H7V4 Microsoft APM: Symlinks under `.apm/prompts/` and `.apm/agents/` are dereferenced during `apm install`, copying host-local file contents into the project tree

Summary Two primitive integrators in apm-cli enumerate package files with bare Path.glob / Path.rglob calls and read each match with Path.readtext, transparently following symbolic links. A symlink committed inside a remote APM dependency under .apm/prompts/.prompt.md or .apm/agents/.agent.md is...

CVE-2024-38544

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxecompqueuepkt In rxecompqueuepkt an incoming response packet skb is enqueued to the resppkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb ...

CVE-2024-26672

CVE-2024-26672 affects the Linux kernel AMDGPU driver: amdgpu_mca_smu_get_mca_entry() dereferences mca_funcs before a NULL check, leading to potential NULL-pointer dereference in UE/CE error handling paths. The issue is evidenced by code paths where mca_funcs is used to read max_ue_count/max_ce_c...

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mcafuncs' dereferenced before NULL check in 'amdgpumcasmugetmcaentry' Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpumca.c:377 amdgpumcasmugetmcaentry warn: variable dereferenced before check 'mcafunc...

CVE-2024-26672

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mcafuncs' dereferenced before NULL check in 'amdgpumcasmugetmcaentry' Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpumca.c:377 amdgpumcasmugetmcaentry warn: variable dereferenced before check 'mcafunc...

CVE-2023-0401

CVE-2023-0401 describes a NULL pointer dereference during PKCS7 data verification in OpenSSL. The digest initialization can fail when the signature hash algorithm is known but the implementation is unavailable, due to a missing check on the initialization return value. This can lead to invalid di...

CVE-2020-11266

CVE-2020-11266 relates to Qualcomm Snapdragon Wired Infrastructure and Networking components. The issue arises when an image address is dereferenced before validating its range, enabling potential information leakage from the secure world (QSEE). The NVD entry documents low to medium base scores ...

CVE-2021-25903

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...

CVE-2021-25903

The CVE-2021-25903 entry concerns the Rust cache crate, where a raw pointer is dereferenced. Multiple connected sources (RustSec advisory RUSTSEC-2021-0006, OSV/NVD listings, Red Hat/RH CVE pages, and related advisories) describe a null/dereferenced-pointer issue in versions through 2021-01-01, c...

Null pointer dereference

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape in which a NULL pointer is dereferenced, which may lead to denial of service or escalation of privileges...

CVE-2018-12548

In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code...

CVE-2015-9200

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, and SD 835, in some TrustZone API functions, untrusted pointers can be dereferenced...

Null pointer dereference

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end...

CVE-2017-8254

In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid...

CVE-2017-9054

An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In dwarfdecodesleb128chk a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read...

Updated flash-player-plugin packages fix CVE-2014-8439

Adobe Flash Player 11.2.202.424 contains additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution CVE-2014-8439. A mitigation was previously introduced for this issue in a previous update MGASA-2014-0448...

Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set element...

CVE-2009-1250

The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service system crash via an RX response with a large error-code value that is interpreted as a pointer and dereferenced,...

GLSA-200612-03 : GnuPG: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200612-03 GnuPG: Multiple vulnerabilities Hugh Warrington has reported a boundary error in GnuPG, in the 'askoutfilename' function from openfile.c: the makeprintablestring function could return a string longer than expected...