52 matches found
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unset error check that will use invalid index values for certain functions...
CVE-2023-52680
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get(). The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller...
CVE-2023-52680 ALSA: scarlett2: Add missing error checks to *_ctl_get()
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get(). The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller...
CVE-2023-52680
CVE-2023-52680 concerns the Linux kernel ALSA scarlett2 driver. The vulnerability arises because the ctl_get() functions that call scarlett2_update() did not check the return value, potentially causing unhandled errors to propagate to the caller. The description states this was fixed by adding p...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not adding a missing error check to ctlget...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing remote authenticated attackers to cause a stack information leak...
CVE-2023-43885
Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device...
Important: Red Hat Security Advisory: php:8.0 security update
An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 9 : php (RHSA-2023:5926)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5926 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity witho...
Important: php:8.0 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled (CVE-2023-3823); php: phar Buffer mismanagement (CVE-2023-3824); php: 1-byte array overrun in common path resolve code (CVE-2023-0568); php: DoS...
PT-2023-13726 · Kiali · Kiali
Name of the Vulnerable Software and Affected Versions: Kiali affected versions not specified Description: A content spoofing issue was found in Kiali, where it does not implement error handling when the page or endpoint being accessed cannot be found. This allows an attacker to perform arbitrary...
GHSA-P25M-JPJ4-QCRR Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Jav...
Important: php
Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...
Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
...
SUSE CVE-2019-5051
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability...
CVE-2022-3175
Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2...
PYSEC-2022-273
Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2...
ASB-A-224585613
In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is no...
libnbd: nbdcopy: missing error handling may create corrupted destination image
A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...
RHEL 8 : virt:av and virt-devel:av (RHSA-2022:0971)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0971 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...