31 matches found
Ghost CMS <=4.32 - Cross-Site Scripting
Ghost CMS 4.0.0 to 4.3.2 contains a DOM cross-site scripting vulnerability. An unused endpoint added during the development of 4.0.0 allows attackers to gain access by getting logged-in users to click a link containing malicious code. id: CVE-2021-29484 info: name: Ghost CMS =4.32 - Cross-Site...
CVE-2024-47688 driver core: Fix a potential null-ptr-deref in module_add_driver()
In the Linux kernel, the following vulnerability has been resolved: driver core: Fix a potential null-ptr-deref in moduleadddriver Inject fault while probing of-fpga-region, if kasprintf fails in moduleadddriver, the second sysfsremovelink in exit path will cause null-ptr-deref as below because...
EulerOS 2.0 SP12 : kernel (EulerOS-SA-2024-2519)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : bpf, skmsg: Fix NULL pointer dereference in skpsockskbingressenqueueCVE-2024-36938 bpf, sockmap: Prevent lock inversion deadlock in map delete...
Oracle Linux 8 : kernel (ELSA-2024-3618)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3618 advisory. - uio: Fix use-after-free in uioopen Ricardo Robaina RHEL-26232 CVE-2023-52439 - net:emac/emac-mac: Fix a use after free in emacmactxbufsend Ken Cox...
CVE-2021-47550 drm/amd/amdgpu: fix potential memleak
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix potential memleak In function amdgpugetxgmihive, when kobjectinitandadd failed There is a potential memleak if not call kobjectput...
CVE-2022-48708
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference Added checking of pointer "function" in pcssetmux. pinmuxgenericgetfunction can return NULL and the pointer "function" was dereferenced without checking against NULL. Found by Linux...
CVE-2024-35912 wifi: iwlwifi: mvm: rfi: fix potential response leaks
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup fails, we still need to free the command response. Fix that...
CVE-2023-52667 net/mlx5e: fix a potential double-free in fs_any_create_groups
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fsanycreategroups When kcalloc for ft-g succeeds but kvzalloc for in fails, fsanycreategroups will free ft-g. However, its caller fsanycreatetable will free ft-g again through calling...
CVE-2022-48669
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in paprgetattr buf is allocated in paprgetattr, and krealloc of buf could fail. We need to free the original buf in the case of failure...
CVE-2024-26855 net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in icebridgesetlink The function icebridgesetlink may encounter a NULL pointer dereference if nlmsgfindattr returns NULL and brspec is dereferenced subsequently in nlaforeachnested...
CVE-2024-26843
CVE-2024-26843: In the Linux kernel, the EFI runtime subsystem had a fix for a potential overflow in the soft-reserved region size. Specifically, md_size could be narrowed when there are >= 4 GiB worth of pages in a soft-reserved region. The vulnerability is reported as a local vulnerability w...
CVE-2023-52434 smb: client: fix potential OOBs in smb2_parse_contexts()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential OOBs in smb2parsecontexts Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. This fixes following oops when accessing invalid create contexts from server: BUG: unabl...
GSD-2023-1001997 ice: Fix potential memory leak in ice_gnss_tty_write()
ice: Fix potential memory leak in icegnssttywrite This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...
GSD-2023-1000797 ASoC: Intel: avs: Fix potential RX buffer overflow
ASoC: Intel: avs: Fix potential RX buffer overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2023-1000643 power: supply: cw2015: Fix potential null-ptr-deref in cw_bat_probe()
power: supply: cw2015: Fix potential null-ptr-deref in cwbatprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...
GSD-2023-1000317 net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
net: hisilicon: Fix potential use-after-free in hisifemacrx This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.269 by commit...
GSD-2022-1008322 nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5ncisend This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.299 by commit...
GSD-2022-1008054 drm/drv: Fix potential memory leak in drm_dev_init()
drm/drv: Fix potential memory leak in drmdevinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.156 by commit...
GSD-2022-1008005 nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
nfc: nxp-nci: Fix potential memory leak in nxpncisend This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.78 by commit...
GSD-2022-1006145 RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
RDMA/hfi1: fix potential memory leak in setupbasectxt This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.256 by commit...