4722 matches found
CVE-2022-49800 tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event()
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix memory leak in testgensynthcmd and testemptysynthevent testgensynthcmd only free buf in fail path, hence buf will leak when there is no failure. Add kfreebuf to prevent the memleak. The same reason and solution in...
PT-2025-22217
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been identified where a client can send an empty newname string to the ksmbd server, causing a kernel oops from d alloc. This issue occurs when...
CVE-2025-3891
A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
DEBIAN-CVE-2025-3891
A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
UBUNTU-CVE-2025-3891
A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
CVE-2025-3891 Mod_auth_openidc: dos via empty post in mod_auth_openidc with oidcpreservepost enabled
A flaw was found in the modauthopenidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability...
Red Hat Enterprise Linux 7 安全漏洞
Red Hat Enterprise Linux 7 is a Linux operating system for business users from Red Hat, an American company. A security vulnerability exists in Red Hat Enterprise Linux 7 that originates from a crash when processing an empty POST request, which could result in a denial of service...
CVE-2025-24640
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS.This issue affects Empty Tags Remover: from n/a through = 1.0...
Security update for runc
This update for runc fixes the following issues: CVE-2024-45310: Fixed unintentional creation of empty files/directories on host bsc1230092 Other fixes: Update to runc v1.2.6. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
SUSE-SU-2025:1374-1 Security update for runc
This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host bsc1230092 Other fixes: - Update to runc v1.2.6...
Libsoup: null pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in content-disposition header
...
CGA-2C8X-WMCP-R4QJ
Bulletin has no description...
SUSE CVE-2025-37785
In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in out-of-bounds read later on, when the corrupted directory is removed...
BELL-CVE-2025-22030
Bulletin has no description...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4emptydir function that can lead to out-of-bounds reads when checking the dotdot directory...
CVE-2025-24640
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS.This issue affects Empty Tags Remover: from n/a through = 1.0...
CVE-2025-24640 WordPress Empty Tags Remover Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan-Lucian Stefancu Empty Tags Remover empty-tags-remover allows Reflected XSS.This issue affects Empty Tags Remover: from n/a through = 1.0...
CVE-2025-24640
CVE-2025-24640 concerns the WordPress plugin Empty Tags Remover (versions ≤ 1.0). The issue is an Improper Neutralization of Input During Web Page Generation that enables a Reflected XSS . Affected component is the plugin’s input handling, leading to script injection in reflected contexts. The CV...
WordPress plugin Empty Tags Remover 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
PT-2025-17041 · Unknown · Empty Tags Remover
Name of the Vulnerable Software and Affected Versions: Empty Tags Remover versions 1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to inje...