134 matches found
CVE-2024-36926 powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...
CVE-2024-36926
CVE-2024-36926 affects the Linux kernel on PowerPC pseries hardware, where LPARs boot with a frozen PE may lack the ibm,dma-window property. This can cause a NULL pointer dereference while configuring PCI, leading to an oops/panic during boot. The vulnerability is described with kernel traces (pc...
CVE-2024-26657
CVE-2024-26657 relates to a NULL pointer dereference in the Linux kernel’s DRM scheduler code (drm_sched_entity_init). The issue could be triggered by AMDGPU user-space IOCTL flow: user calls AMDGPU_CTX_ALLOC_CTX via amdgpu_ctx_ioctl, then AMDGPU_WAIT_CS without submitting a job, which could lead...
Curl 7.44.0 < 8.7.0 HTTP/2 Push Headers Memory-leak (CVE-2024-2398)
The version of Curl installed on the remote host is between 7.44.0 and prior to 8.7.0. It is, therefore, affected by a memory-leak vulnerability. When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed...
CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
CURL-CVE-2024-2398 HTTP/2 push headers memory-leak
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
CVE-2024-2398 HTTP/2 push headers memory-leak
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
CVE-2024-2398
CVE-2024-2398 affects curl/libcurl: when an application enables HTTP/2 server push and the received push headers exceed a limit (1000), libcurl aborts the server push and leaks previously allocated headers, causing memory leaks and a silent condition that can be hard to detect. The CVSS in the en...
CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
CVE-2024-2398 HTTP/2 push headers memory-leak
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
CVE-2024-2398
When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit 1000, libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead lea...
BIT-TENSORFLOW-2020-15191 Undefined behavior in Tensorflow
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
CVE-2023-20262
A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not...
Information Disclosure
froxlor/froxlor is vulnerable to Information Disclosure. A remote attacker is able to gain access to unauthorized user data via a failed prepared SQL query due to an unchecked error condition, resulting in the disclosure of sensitive information...
CVE-2023-0572
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...
CVE-2023-0572 Unchecked Error Condition in froxlor/froxlor
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...
CVE-2023-0572 Unchecked Error Condition in froxlor/froxlor
Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10...
CVE-2023-0572
The vulnerability CVE-2023-0572 affects the Froxlor project (froxlor/froxlor) before version 2.0.10, described as an Unchecked Error Condition in the repository. The available connected documents confirm a technical issue arising from an unchecked error path in Froxlor prior to 2.0.10. The CVSSv3...
golang: net/http: handle server errors after sending GOAWAY
A flaw was found in the golang package. In net/http in Go, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if a fatal error preempts the shutdown...
GSD-2023-1000488 media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Clear workbit to handle error condition This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...