22 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007588)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007588 advisory. In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I'v...
CVE-2025-66574
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574 TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574
Summary: TranzAxis 3.2.41.10.26 is vulnerable to a stored XSS via the Open Object in Tree API endpoint. This authenticated-user vulnerability can lead to session cookie theft and potential privilege escalation. Root cause: stored cross-site scripting in the Open Object in Tree endpoint. Affected ...
Taiko Alethia 跨站脚本漏洞
Taiko Alethia is an open source Taiko Labs collection of software for implementing the Ethernet-based ZK-EVM Rollup protocol for the Taiko Layer 2 network. A cross-site scripting vulnerability exists in Taiko Alethia version 3.2.41.10.26, which stems from the presence of cross-site script injecti...
nouveau: lock the client object tree.
...
Linux Distros Unpatched Vulnerability : CVE-2024-27062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing clien...
SUSE CVE-2024-27062
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062
A flaw was found in the nouveau module in the Linux kernel. A missing resource lock can cause a race condition and trigger a general protection fault, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...
AZL-59631 CVE-2024-27062 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
DEBIAN-CVE-2024-27062
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
UBUNTU-CVE-2024-27062
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062
CVE-2024-27062 relates to the Linux kernel nouveau driver, where the client object tree lacked locking and races occurred when adding/removing client objects (notably VRAM BAR mappings). The fix locks the client object tree to prevent race conditions during add/remove operations, addressing a gen...
SUSE-SU-2024:1377-1 Security update for apache-commons-configuration
This update for apache-commons-configuration fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator bsc1221797. - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flattenObject, int with a cyclica...
SUSE-SU-2024:1365-1 Security update for apache-commons-configuration2
This update for apache-commons-configuration2 fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator bsc1221797. - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flattenObject, int with a cyclic...
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flattenObject, int' with a cyclical object tree. Users are recommended to upgrade to versi...
PT-2024-21630
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.8.0-rc6+ Description The vulnerability is related to the nouveau driver in the Linux kernel. It appears that the client object tree has no locking, which can cause races around adding or removing client objects...