633 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the nommu component incorrectly passing parameters to vmaiterprealloc when deleting vma entries, causing the...
CVE-2024-53096 mm: resolve faulty mmap_region() error path behaviour
In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmapregion error path behaviour The mmapregion function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other...
dom-iterator code execution vulnerability
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
GHSA-JRVM-MCXC-MF6M dom-iterator code execution vulnerability
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body and thus care must be given to ensure that the inputs to Function are not...
CVE-2024-21541
CVE-2024-21541 affects the npm package dom-iterator prior to version 1.0.1 . The vulnerability stems from use of the Function constructor without complete input sanitization, allowing an attacker-controlled input to generate a new function body, with risks similar to eval. This is corroborated by...
PT-2024-18954 · Unknown · Dom-Iterator
Name of the Vulnerable Software and Affected Versions: dom-iterator versions prior to 1.0.1 Description: The issue is related to Arbitrary Code Execution due to the use of the Function constructor without complete input sanitization. This allows an attacker to generate a new function body, posing...
npm dom-iterator 代码注入漏洞
npm dom-iterator is a feature-rich, fully tested iterator for traversing DOM nodes from US-based npm. A code injection vulnerability exists in npm dom-iterator that stems from the use of a Function constructor that does not fully filter input...
kernel: clk: imx: scu: use _safe list iterator to avoid a use after free
A use-after-free flaw was found in the Linux kernel's i.MX system control unit clock driver in the error cleanup path. A local user can trigger this issue during clock initialization failure scenarios on i.MX hardware with System Control Unit firmware, where the cleanup loop incorrectly uses a...
SUSE CVE-2024-50222
In the Linux kernel, the following vulnerability has been resolved: ioviter: fix copypagefromiteratomic if KMAPLOCALFORCEMAP generic/077 on x8632 CONFIGDEBUGKMAPLOCALFORCEMAP=y with highmem, on huge=always tmpfs, issues a warning and then hangs interruptibly: WARNING: CPU: 5 PID: 3517 at...
DEBIAN-CVE-2024-50254
In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpfiterbitsdestroy bpfiterbitsdestroy uses "kit-nrbits kmemleakalloc+0x4b/0x80 kmallocnodenoprof+0x480/0x5c0 alloc.isra.0+0x89/0xb0 allocbulk+0x2af/0x720 prefillmemcache+0x7f/0xb0...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a full block copy problem in daxunshareiter...
CentOS 6 : thunderbird (RHSA-2020:4158)
The remote CentOS Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4158 advisory. - Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption an...
SUSE CVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript JavaScript specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
DEBIAN-CVE-2024-43806
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...
AZL-48330 CVE-2024-43806 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...
AZL-48312 CVE-2024-43806 affecting package virtiofsd for versions less than 1.8.0-3
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...
AZL-48327 CVE-2024-43806 affecting package flux for versions less than 0.194.5-4
Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...