
1719 matches found

Tenable Nessus
added 2024/05/17 12:0 a.m., 17 views

GitLab 11.3 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13270)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API (CVE-2020-13270). Note...

CVSS 8.8, AI score 7.8, EPSS 0.00358
Exploits: 0, References: 4

UbuntuCve
added 2024/05/06 8:15 p.m., 18 views

CVE-2024-4568

In Xpdf 4.05 and earlier, a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow...

CVSS 5.5, AI score 5.9, EPSS 0.00012
Exploits: 0, References: 2

SUSE CVE
added 2024/05/03 2:9 a.m., 1 view

SUSE CVE-2024-27022

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized. Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping);...

CVSS 4.7, AI score 6.4, EPSS 0.00011
Exploits: 0, References: 11

Cvelist
added 2024/05/01 1:0 p.m., 16 views

CVE-2024-27060 thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits(). Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 PF: supervisor read...

AI score 6.5, EPSS 0.00021
Exploits: 0, References: 3

ATTACKERKB
added 2024/05/01 6:15 a.m., 1 view

CVE-2024-27022

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized. Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping);...

CVSS 7.8, AI score 5.7, EPSS 0.00011
Exploits: 0, References: 11, Affected Software: 1

OSV
added 2024/05/01 6:15 a.m., 2 views

DEBIAN-CVE-2024-27022

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized. Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping);...

CVSS 7.8, AI score 5.7, EPSS 0.00011
Exploits: 0, References: 1

OSV
added 2024/05/01 6:15 a.m., 0 views

UBUNTU-CVE-2024-27022

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized. Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping);...

CVSS 7.8, AI score 6.5, EPSS 0.00011
Exploits: 0, References: 10

Debian CVE
added 2024/05/01 5:35 a.m., 21 views

CVE-2024-27022

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized. Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping);...

CVSS 7.8, AI score 7.5, EPSS 0.00011
Exploits: 0

RedHat Linux
added 2024/04/30 9:57 a.m., 3 views

kernel: mm/uffd: fix pte marker when fork() without fork event

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork() without fork event. Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...

CVSS 5.5, AI score 6.8, EPSS 0.00042
Exploits: 0, References: 5

RedhatCVE
added 2024/04/29 4:5 p.m., 22 views

CVE-2023-52646

A flaw was found in the Linux kernel's Asynchronous I/O (AIO) subsystem. The issue arises due to a NULL pointer dereference (null-deref) when using the mremap function after a fork operation, specifically on old AIO mappings. The vulnerability occurs because the ioctx_table is set to NULL after the...

CVSS 5.5, AI score 7.2, EPSS 0.00014
Exploits: 0, References: 4

SUSE CVE
added 2024/04/27 3:5 a.m., 1 view

SUSE CVE-2023-52646

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref. Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL...

CVSS 5.5, AI score 6.3, EPSS 0.00014
Exploits: 0, References: 14

OSV
added 2024/04/26 1:15 p.m., 1 view

DEBIAN-CVE-2023-52646

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref. Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL...

CVSS 5.5, AI score 5.4, EPSS 0.00014
Exploits: 0, References: 1

NVD
added 2024/04/26 1:15 p.m., 17 views

CVE-2023-52646

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref. Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL...

CVSS 5.5, AI score 7.3, EPSS 0.00014
Exploits: 0, References: 7

OSV
added 2024/04/26 1:15 p.m., 0 views

UBUNTU-CVE-2023-52646

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref. Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL...

CVSS 5.5, AI score 6.2, EPSS 0.00014
Exploits: 0, References: 10

UbuntuCve
added 2024/04/26 1:15 p.m., 26 views

CVE-2023-52646

In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref. Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL...

CVSS 5.5, AI score 6.2, EPSS 0.00014
Exploits: 0, References: 9

OSV
added 2024/04/17 5:35 p.m., 11 views

GHSA-V6RW-HHGG-WC4X Evmos vulnerable to DOS and transaction fee expropriation through Authz exploit

Impact: What kind of vulnerability is it? Who is impacted? An attacker can use this bug to bypass the block gas limit and gas payment completely to perform a full Denial-of-Service against the chain. Disclosure: Evmos versions below v11.0.1 do not check for MsgEthereumTx messages that are nested...

CVSS 9.1, AI score 7.1
Exploits: 0, References: 2

Fedora
added 2024/04/16 1:58 a.m., 23 views

[SECURITY] Fedora 38 Update: c-ares-1.28.1-1.fc38

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

CVSS 5.5, AI score 7.3, EPSS 0.00055
Exploits: 0

NVD
added 2024/04/09 6:15 p.m., 23 views

CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVSS 9.8, AI score 8, EPSS 0.06497
Exploits: 1, References: 7

OSV
added 2024/04/09 6:15 p.m., 0 views

UBUNTU-CVE-2024-22423

yt-dlp is a youtube-dl fork with additional features and fixes. The patch that addressed CVE-2023-40581 attempted to prevent RCE when using --exec with %q by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment...

CVSS 9.8, AI score 5.7, EPSS 0.06497
Exploits: 1, References: 8

RustSec
added 2024/03/20 12:0 p.m., 1 view

yaml-rust is unmaintained.

The maintainer seems unreachable. Many issues and pull requests have been submitted over the years without any response. Alternatives: Consider switching to the actively maintained yaml-rust2 fork of the original project: - yaml-rust2 - yaml-rust2 @ crates.io...

AI score 7.2
Exploits: 0