2120 matches found
GSD-2022-1007666 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.331 by commit...
GSD-2022-1007606 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.296 by commit...
GSD-2022-1007531 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.262 by commit...
GSD-2022-1007433 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.220 by commit...
GSD-2022-1007307 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...
GSD-2022-1007122 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
GSD-2022-1006883 ext4: avoid crash when inline data creation follows DIO write
ext4: avoid crash when inline data creation follows DIO write. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...
PT-2022-35562 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.150. Description: The issue is related to the ext4 file system, where a crash can occur when inline data creation follows a DIO write. The actual impact and attack plausibility have not yet been proven...
PT-2022-35138 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.3. Description: The issue is related to a potential crash in the ext4 file system when inline data creation follows a DIO write. The actual impact and attack plausibility have not yet been proven...
PT-2022-35861 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296. Description: The issue is related to the ext4 file system, where a crash can occur when inline data creation follows a DIO write. The actual impact and attack plausibility have not yet been proven...
PT-2022-35688 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.220. Description: The issue is related to the ext4 file system, where a crash can occur when inline data creation follows a DIO write. The actual impact and attack plausibility have not yet been proven...
kernel: ext4: fix bug_on in ext4_writepages
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages. we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here ------------ kernel...
PT-2022-23611 · Eclipse +1 · Eclipse Openj9 +1
Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.35.0. Description: The issue allows malicious bytecode to potentially access or modify memory via an incompatible type due to the inlining of interface calls without a runtime type check. Recommendations: For...
USE OF SOLIDITY VERSION 0.8.14 WHICH HAS KNOWN ISSUES APPLICABLE TO Blur Exchange
Lines of code Vulnerability details Vulnerability related to ‘Optimizer Bug Regarding Memory Side Effects of Inline Assembly’ ref : Blur Exchange inherits Solidity contracts from OpenZeppelin and these use inline assembly, and optimization is enabled while compiling...
Using non cleaned up variables inside of inline assembly
Lines of code Vulnerability details Impact There is a revealGobblers function in an ArtGobblers smart contract. Inside the function is an assembly insert, which operates with a variable with a size less than a machine word. But the code inside the assembly is not checking that the variable is cleaned up...
DRUPAL-CONTRIB-2022-054
The Next.js module provides an inline preview for content. Authenticated requests are made to Drupal to fetch JSON:API content and render them in an iframe from the decoupled Next.js site. The current implementation doesn’t sufficiently check access for fetching data. All requests made to Drupal...
Griefing attacks on NounsAuctionHouse
Lines of code Vulnerability details Impact There is an internal function safeTransferETH that is called in createBid. The function itself: function safeTransferETH(address to, uint256 value) internal returns (bool) { (bool success, ) = to.call{value: value, gas: 30000}(new bytes(0)); return success; } Please note...
Alt-N MDaemon Cross-Site Scripting Vulnerability
Alt-N MDaemon is a mail service system from Alt-N, which provides complete mail server functionality, protects users from spam, enables web login to send and receive emails, supports remote management, and protects the system against email viruses when used in conjunction with the MDaemon AntiVir...
JPEGDEC Security Vulnerability
JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. JPEGDEC has a security vulnerability that stems from a floating point exception in the DecodeJPEG module of the /src/jpeg.inl file...
nriv-inline-skaterhockey.de Cross Site Scripting vulnerability OBB-2825116
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...