SUSE CVE-2024-40967

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the...

DEBIAN-CVE-2022-48845

In the Linux kernel, the following vulnerability has been resolved: MIPS: smp: fill in sibling and core maps earlier After enabling CONFIGSCHEDCORE landed during 5.14 cycle, 2-core 2-thread-per-core interAptiv CPS-driven started emitting the following: 0.025698 CPU1 revision is: 0001a120 MIPS...

SUSE CVE-2024-40981

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft lockups in batadvpurgeorigref 1 Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting...

CVE-2024-40981

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft lockups in batadvpurgeorigref 1 Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting...

DEBIAN-CVE-2024-40981

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft lockups in batadvpurgeorigref 1 Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting...

UBUNTU-CVE-2024-40967

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the...

CVE-2024-40981 batman-adv: bypass empty buckets in batadv_purge_orig_ref()

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadvpurgeorigref Many syzbot reports are pointing to soft lockups in batadvpurgeorigref 1 Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting...

CVE-2024-40967

CVE-2024-40967 affects the Linux kernel serial: imx subsystem. The root cause is a potential deadlock while waiting for USR2_TXDC in transmitter empty handling. The patch introduces a timeout of at most 1 second; if the timeout occurs, the driver ignores the transmitter state and continues optimi...

PT-2024-18938 · Npm · Node-Stringbuilder

Name of the Vulnerable Software and Affected Versions: node-stringbuilder versions all Description: The issue arises from incorrect memory length calculation in the node-stringbuilder package, leading to an Out-of-bounds Read. This occurs when methods such as ToBuffer, ToString, or CharAt are...

DEBIAN-CVE-2024-39487

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

AZL-47931 CVE-2024-39487 affecting package kernel for versions less than 5.15.164.1-1

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...

Improper Access Control

directus is vulnerable to Improper Access Control. The vulnerability is due to improper handling of in and nin operators, which allows an attacker to query expressions with empty arrays, which are evaluated as valid, resulting in unauthorized access...

CVE-2024-39701 Directus Incorrectly handles _in` filter

Directus is a real-time API and App dashboard for managing SQL database content. Directus =9.23.0, =v10.5.3 improperly handles in, nin operators. It evaluates empty arrays as valid so expressions like "role": "in": $CURRENTUSER.somefield would evaluate to true allowing the request to pass. This...

BELL-CVE-2024-39477

Bulletin has no description...

SUSE CVE-2024-5642

CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due to NPN being...

jsonic was discovered to contain a prototype pollution via the function empty.

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

GHSA-4WM9-3QMV-GVXJ jsonic was discovered to contain a prototype pollution via the function empty.

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

CVE-2024-38993

rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...

Authentication Bypass

TYPO3 is vulnerable to Authentication Bypass. The vulnerability is due to the default authentication service failing to invalidate empty strings as passwords...

jsonic Security Vulnerabilities

jsonic is a JSON parser for Node.js open-sourced by jsonicjs. A security vulnerability exists in jsonic version v2.12.1, which stems from inclusion of prototype contamination via the function empty, allowing an attacker to execute arbitrary code or cause a denial of service DoS by injecting...