37 matches found
EUVD-2026-38720
In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dumpone path The SCTP exact sockdiag lookup can hold a transport reference, block on locksocksk, and then resume after sctpassociationfree has marked the association dead and freed its bin...
SUSE CVE-2026-46073
In the Linux kernel, the following vulnerability has been resolved: hwmon: powerz Fix missing usbkillurb on signal interrupt waitforcompletioninterruptibletimeout returns -ERESTARTSYS when interrupted. This needs to abort the URB and return an error. No data has been received from the device so a...
CVE-2026-46073
CVE-2026-46073 is a Linux kernel issue in hwmon: powerz where wait_for_completion_interruptible_timeout() could return -ERESTARTSYS on signal interrupt and skip usb_kill_urb(), leading to reads from an unfilled transfer buffer. Public documents confirm a patch that: 1) captures the function retur...
CVE-2026-31972 samtools mpileup has use-after-free leading to an invalid read
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The mpileup command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally the reference DNA base at that position obtained fr...
kernel: drm/vmwgfx: Fix invalid reads in fence signaled events
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
SUSE CVE-2024-49932
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT e.g. due to preallocated extents not being...
DEBIAN-CVE-2024-49932
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT e.g. due to preallocated extents not being...
Security update for podofo
This update for podofo fixes the following issues: CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection bsc1023190 CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack colorchanger.cpp bsc1027787 CVE-2017-6841: Fixed NULL pointer dereference in...
kernel: Fix of 11 CVEs
drm/vmwgfx: Fix invalid reads in fence signaled events CVE-2024-36960 - afunix: Fix garbage collector racing against connect CVE-2024-26923 - ipv6: remove maxsize check inline with ipv4 CVE-2023-52340 - aoe: fix the potential use-after-free problem in aoecmdcfgpkts CVE-2023-6270 - smb: client:...
CVE-2024-36960
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
CVE-2024-36960
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
DEBIAN-CVE-2024-36960
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
CVE-2024-36960
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
CVE-2024-36960 drm/vmwgfx: Fix invalid reads in fence signaled events
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
CVE-2024-36960 drm/vmwgfx: Fix invalid reads in fence signaled events
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drmevent to the size of the structure that's actually used. The length of the drmevent was set to the parent structure instead of to the...
PT-2023-17453 · Suse · Suse
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to insufficient DRAM address validation in the System Management Unit SMU, which may allow an attacker to read or write from an...
SUSE CVE-2017-6307
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapiattr.c:mapiattrread. These might lead to invalid read and write operations, controlled by an attacker...
Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2020-1584)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial Of Service (DoS)
JasPer is vulnerable to denial of service attacks. A remote attacker could cause invalid reads and application crash via a crafted JPEG 2000 image. This issue affects the function jasmatrixclip of the file jasseq.c of the component JPEG 2000 Image Handler...
Mozilla: Backport critical security fixes in Skia
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and Firefox ESR 52.8...