48 matches found
CVE-2020-36778
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in xiicxfer and xiici2cremove. However, pmruntimegetsync will increment the PM reference count even...
CVE-2024-22419 concat built-in can corrupt memory in vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The concat built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the buildIR for concat doesn't properly adhere to the API of co...
GHSA-VF78-3Q9F-92G3 Hard-coded System User Credentials in Folio Data Export Spring module
Impact The module creates a system user that is used to perform internal module-to-module operations. Credentials for this user are hard-coded in the source code. This makes it trivial to authenticate as this user, resulting in unauthorized access to potentially dangerous APIs, allowing to view a...
GSD-2023-1002297 netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
netfilter: ipset: Fix overflow before widen in the bitmapipcreate function. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.303 by commit...
GSD-2023-1000465 staging: media: tegra-video: fix device_node use after free
staging: media: tegra-video: fix devicenode use after free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
GSD-2022-1007900 net: microchip: sparx5: Fix potential null-ptr-deref in sparx_stats_init() and sparx5_start()
net: microchip: sparx5: Fix potential null-ptr-deref in sparxstatsinit and sparx5start This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 ...
ASB-A-187702830
In cropPhoto of EditUserPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE-SU-2022:3671-1 Security update for libostree
This update for libostree fixes the following issues: - CVE-2014-9862: Fixed arbitrary write on heap vulnerability bsc1201770...
GSD-2022-1005660 meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
meson-mx-socinfo: Fix refcount leak in mesonmxsocinfoinit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
Raneto vulnerable to Cross-site Scripting
Renato v0.17.0 was discovered to contain a cross-site scripting XSS vulnerability. This issue is fixed in version 0.17.1...
GSD-2022-1002343 net/x25: Fix null-ptr-deref caused by x25_disconnect
net/x25: Fix null-ptr-deref caused by x25disconnect This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.238 by commit...
GSD-2022-1001612 rtc: pl031: fix rtc features null pointer dereference
rtc: pl031: fix rtc features null pointer dereference This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
GSD-2022-1001292 PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit...
MGASA-2022-0139 Updated webkit2 packages fix security vulnerability
The webkit2 package has been updated to version 2.36.0, fixing several security issues and other bugs...
GSD-2021-1001994 comedi: ni_usb6501: fix NULL-deref in command paths
comedi: niusb6501: fix NULL-deref in command paths This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.217 by commit...
OPENSUSE-SU-2021:1371-1 Security update for libqt5-qtsvg
This update for libqt5-qtsvg fixes the following issues: - CVE-2021-3481: Fixed an out of bounds read in function QRadialFetchSimd from crafted svg file. bsc1184783 This update was imported from the SUSE:SLE-15-SP2:Update update project...
GSD-2021-1001492 atm: iphase: fix possible use-after-free in ia_module_exit()
atm: iphase: fix possible use-after-free in iamoduleexit This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
GSD-2021-1001448 watchdog: Fix possible use-after-free in wdt_startup()
watchdog: Fix possible use-after-free in wdtstartup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.276 by commit...
UVI-2021-1001070 net: hamradio: fix memory leak in mkiss_close
net: hamradio: fix memory leak in mkissclose This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
syzkaller:prog_deserialize_fuzzer: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=4907676728033280 Project: syzkaller Fuzzing Engine: libFuzzer Fuzz Target: progdeserializefuzzer Job Type: libfuzzerasansyzkaller Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000008ab0 Crash State: NULL Sanitizer: address ASAN...