MAL-2024-1774 Malicious code in arriva-ui-lib (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-1983 Malicious code in @store-sfdcbt-net/cicd_gulp-central-js-lib-v1 (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2024-38543

In the Linux kernel, the following vulnerability has been resolved: lib/testhmm.c: handle srcpfns and dstpfns allocation failure The kcalloc in dmirrordeviceevictchunk will return null if the physical memory has run out. As a result, if srcpfns or dstpfns is dereferenced, the null pointer...

CVE-2021-47595 net/sched: sch_ets: don't remove idle classes from the round-robin list

In the Linux kernel, the following vulnerability has been resolved: net/sched: schets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1 tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 7 2 mauseza...

CVE-2024-38543

In the Linux kernel, the following vulnerability has been resolved: lib/testhmm.c: handle srcpfns and dstpfns allocation failure The kcalloc in dmirrordeviceevictchunk will return null if the physical memory has run out. As a result, if srcpfns or dstpfns is dereferenced, the null pointer...

CVE-2024-38543

In the Linux kernel, the following vulnerability has been resolved: lib/testhmm.c: handle srcpfns and dstpfns allocation failure The kcalloc in dmirrordeviceevictchunk will return null if the physical memory has run out. As a result, if srcpfns or dstpfns is dereferenced, the null pointer...

curl: NULL dereference when encoding DN of x509 certificate

Vulnerability description not provided...

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service DoS via a crafted SMT-LIB input file containing the set-logic command with specific formatting errors...

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service DoS via a crafted SMT-LIB input file containing the set-logic command with specific formatting errors...

CVE-2024-37795

CVE-2024-37795 concerns a segmentation fault in CVC5 Solver v1.1.3 that can be triggered by a crafted SMT-LIB input file using set-logic with specific formatting errors, causing DoS. The vulnerability affects CVC5 Solver 1.1.3 (no broader details on affected products beyond CVC5) and is discussed...

CVC5 Solver Security Vulnerability

cvc5 is a tool in the cvc5 open source. It is used to determine the satisfiability of first-order formulas modulo first-order theories or combinations of these theories. A security vulnerability exists in CVC5 Solver version v1.1.3, which stems from a segmentation error that allows an attacker to...

CVE-2024-37795

A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service DoS via a crafted SMT-LIB input file containing the set-logic command with specific formatting errors...

CVE-2024-29780

In hwbccnsdeprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-29780

CVE-2024-29780 affects hwbcc_ns_deprivilege in trusty/user/base/lib/hwbcc/client/hwbcc.c, describing an uninitialized data condition that can disclose uninitialized stack data. The impact is local information disclosure with no extra privileges required and no user interaction needed. Exploitatio...

Malicious code in test-lib-avishek (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b09a9d57bb929d0c7ba93b90c01ea2a5270838a233ae120bdade2730d5c6e364 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-37017

asdcplib aka AS-DCP Lib 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::hReader::MDtoTimedTextTDesc in ASDCPTimedText.cpp in libasdcp.so...

CVE-2024-37017

CVE-2024-37017 affects asdcplib (AS-DCP Lib) 2.13.1 and involves a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc within AS_DCP_TimedText.cpp in libasdcp.so. The CVSSv3.1 base score is 8.1 (HIGH), with NETWORK attack vector, LOW attack complexity, no ...

CVE-2024-37017

asdcplib aka AS-DCP Lib 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::hReader::MDtoTimedTextTDesc in ASDCPTimedText.cpp in libasdcp.so...

CVE-2021-47302

In the Linux kernel, the following vulnerability has been resolved: igc: Fix use-after-free error during reset Cleans the next descriptor to watch nexttowatch when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igcpoll runs while the controller is being reset this ca...

CVE-2024-27406

In the Linux kernel, the following vulnerability has been resolved: lib/Kconfig.debug: TESTIOVITER depends on MMU Trying to run the ioviter unit test on a nommu system such as the qemu kc705-nommu emulation results in a crash. KTAP version 1 Subtest: ioviter module: kunitioviter 1..9 BUG: failure...