11641 matches found
CVE-2024-56692
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncatenode syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fsinvalidateblocks+0x35f/0x370...
CVE-2024-53211
In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tpexitnet found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARNONONCE!idrisempty&pn-;l2tptunnelidr; idrdestroy&pn-;l2tptunnelidr; By forcing memory...
CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
AZL-55005 CVE-2024-56745 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
AZL-55112 CVE-2024-56745 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
DEBIAN-CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
CVE-2024-56745 PCI: Fix reset_method_store() memory leak
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
CVE-2024-56745 PCI: Fix reset_method_store() memory leak
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
CVE-2024-56745
CVE-2024-56745 : Linux kernel vulnerability where reset_method_store() leaked allocated memory (via kstrndup) when parsing a string with strsep, because options could be freed after strsep nulled it. A fix preserves the original options string by iterating with a separate tmp_options, preventing ...
CVE-2024-56745 PCI: Fix reset_method_store() memory leak
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
CVE-2024-50944
Consolidated details show a concrete issue in SimplCommerce: an integer overflow in the shopping cart, specifically in the CartController.AddToCart method, triggered by crafted inputs to the quantity parameter. Affected: SimplCommerce with commit 230310c8d7a0408569b292c5a805c459d47a1d8f and versi...
CVE-2024-56522
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != aka loose comparison and does not use a constant-time function to compare TCPDF tag hashes...
CVE-2024-52046
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious...
GHSA-Q2X7-8RV6-6Q7H Jinja has a sandbox breakout through indirect reference to format method
An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on th...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toHTMLEx method due to improper input sanitization. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into the input data processed by this method. Details Cross-site...
CVE-2024-56326
CVE-2024-56326 affects Jinja2 prior to 3.1.5, where an oversight in the sandboxed environment allows an attacker who can control template content to execute arbitrary Python code. The vulnerability arises from how calls to str.format can be indirectly invoked via filters, bypassing sandbox protec...
PT-2024-10181 · Unknown · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0 PhpSpreadsheet versions prior to 2.3.5 PhpSpreadsheet versions prior to 2.1.6 PhpSpreadsheet versions prior to 1.29.7 Description: The issue is related to the bypass of the cross-site scripting sanitizer...
PT-2024-34465 · Unknown · Simplcommerce
Name of the Vulnerable Software and Affected Versions: SimplCommerce version at commit 230310c8d7a0408569b292c5a805c459d47a1d8f SimplCommerce version 1.0.0 Description: An integer overflow vulnerability exists in the shopping cart functionality of SimplCommerce. The issue lies in the quantity...
Spatie Browsershot 安全漏洞
Spatie Browsershot is a codebase from the Belgian Spatie team that converts browser pages into PDF or image formats based on Php and Javascript. A security vulnerability exists in Spatie Browsershot versions prior to 5.0.3, which stems from improper URL validation via the setUrl method...