SUSE CVE-2024-26616
In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on an ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...
Unspecified Vulnerability in Apache Superset (CNVD-2024-26186)
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a security vulnerability that originates from the ability of an authenticated user to generate specially crafted SQL statements to trigger database errors and expose...
The vulnerability of the netfs_rreq_unlock_folios() function in the netfs file system of the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the netfs_rreq_unlock_folios function in the netfs/bufferedread.c file of the Linux kernel’s file system netfs is related to serialization errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the sub_4484A8() function in D-Link DIR-823G router microprogramming software allows a hacker to induce a service failure.
The vulnerability of the sub_4484A8 function in D-Link DIR-823G router microprogramming software is related to errors in pointer manipulation during the processing of HTTP headers. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the kvm_io_bus_unregister_dev() function in the KVM subsystem of Linux operating systems allows an attacker to cause a service failure.
The vulnerability of the kvm_io_bus_unregister_dev function in the KVM subsystem of Linux operating systems is related to errors in pointer assignment during device registration. Exploiting this vulnerability can allow an attacker to cause system failures...
DEBIAN-CVE-2024-24785
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...
CVE-2024-24785
If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...
Cross-site Scripting (XSS)
Overview: std/html/template is a Go standard library package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Go Vulnerability Report: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual...
The vulnerability of Windows operating system printing services allows attackers to perform spoofing attacks.
The vulnerability of Windows operating system printing services is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability of the cJSON_InsertItemInArray function in the JSON file processing library for the C JSON-C language allows an attacker to cause a service failure.
The vulnerability of the cJSON_InsertItemInArray function in the JSON file processing library for the C JSON language is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
The vulnerability of the __thp_get_unmapped_area() function in the memory management subsystem of 32-bit Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the __thp_get_unmapped_area function in the mm/hugememory.c module of the memory-management subsystem in 32-bit Linux kernel systems is related to memory allocation errors. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the sub_424320() function in D-Link DIR-823G router’s software allows a hacker to induce a service failure.
The vulnerability of the sub_424320 function in D-Link DIR-823G router microprogramming software is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to trigger a service failure by sending a specially crafted HNAP1/SetIgnoreWizardConfig request...
CVE-2024-2151
A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...
Input validation
A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors...
The vulnerability of the dcn_create_resource_pool function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the dcn_create_resource_pool function in the Linux operating system is related to memory release errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2022:2177-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2024-18924 · Sourcecodester · Sourcecodester Online Mobile Management Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Mobile Management Store version 1.0 Description: A problematic vulnerability was found in the component Product Price Handler of the SourceCodester Online Mobile Management Store. The manipulation of the quantity argumen...
PT-2024-2303 · Unknown +1 · Inet Wireless Daemon +1
Name of the Vulnerable Software and Affected Versions: iNet wireless daemon (IWD) versions 2.15 and earlier Description: The issue is related to initialization problems in the p2putil.c component of the iNet wireless daemon (IWD), which can cause a denial of service (daemon crash) or possibly have othe...
CVE-2023-52532
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
DEBIAN-CVE-2023-52507
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a...