249 matches found
CVE-2023-45825
ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Since ydb-go-sdk v3.48.6 if you use a custom credentials object implementation of interface Credentials it may leak into logs. This happens because this object could be serialized into an error message using...
SUSE CVE-2022-49786
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcgcssonline blkcgcssonline is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...
CVE-2025-37762
CVE-2025-37762 affects the Linux kernel DRM virtio, where prepare_fb() error handling missed dmabuf unpinning, causing resource leaks on error paths. The vulnerability is fixed by correcting error handling in prepare_fb(), as noted in multiple sources (e.g., Astra Linux advisory citing the same d...
Security Bulletin: IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto (CVE-2024-8376)
Summary IBM Integration Bus for z/OS is vulnerable to memory leaking, segmentation fault or heap-use-after-free due to Eclipse Mosquitto. Vulnerability Details CVEID:CVE-2024-8376 DESCRIPTION: In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault o...
How to Leak to a Journalist
Neiman Lab has some good advice on how to leak a story to a journalist...
Linux Distros Unpatched Vulnerability : CVE-2024-8376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of...
Linux Distros Unpatched Vulnerability : CVE-2022-49263
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: brcmfmac: pcie: Release firmwares in the brcmfpciesetup error path This avoids leaking memor...
CVE-2022-49436
CVE-2022-49436 affects the Linux kernel (powerpc/papr_scm) due to leaking nvdimm_events_map elements and mismatched stat_id handling (NULL termination vs 8-byte identifiers). The fix allocates space for stat_id entries in papr_scm_priv.nvdimm_events_map to prevent leaks and reconcile string sizin...
[BSA-120] Security Update for mosquitto
Philippe Coval uploaded new packages for mosquitto which fixed the following security problems: CVE-2024-8376 In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT",...
Malicious code in creative_design_client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 15b9d3a4ef8f0a22d5ff21957427271795b4aa88024b5746a06181ae5918235a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-8376
A flaw was found in Eclipse Mosquitto. A remote attacker may be able to trigger memory leakage, segmentation fault, or a heap-use-after-free condition by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE", and "PUBLISH" packets...
CVE-2024-8376
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...
CVE-2024-8376
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...
CVE-2024-8376 Memory leak
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...
CVE-2024-8376
CVE-2024-8376 affects Eclipse Mosquitto up to version 2.0.18a, where an attacker can trigger memory leaking, segmentation fault or heap-use-after-free by sending crafted sequences of MQTT packets (CONNECT, DISCONNECT, SUBSCRIBE, UNSUBSCRIBE, PUBLISH). Public documents consistently cite these symp...
CVE-2024-8376
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets...
GO-2024-3182 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8 in github.com/opentofu/opentofu...
GHSA-9722-9J67-VJCR Improper Authorization in Select Permissions
Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...
Improper Authorization in Select Permissions
Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a SELECT operation on a table...
GHSA-WPR2-J6GR-PJW9 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Impact Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds Check that you are not using sensitive...