Lucene search

6935 matches found

OSV
added 2024/07/30 8:15 a.m. · 1 views

DEBIAN-CVE-2024-42160

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up...

CVSS 7.8 · AI score 6.2 · EPSS 0.00239
Exploits: 0 · References: 1
NVD
added 2024/07/30 8:15 a.m. · 20 views

CVE-2024-42160

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up...

CVSS 7.8 · EPSS 0.00239
Exploits: 0 · References: 6
Cvelist
added 2024/07/30 7:47 a.m. · 30 views

CVE-2024-42160 f2fs: check validation of fault attrs in f2fs_build_fault_attr()

In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up...

EPSS 0.00239
Exploits: 0 · References: 5
OSV
added 2024/07/26 6:15 a.m. · 1 views

DEBIAN-CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 6.7 · AI score 7.5 · EPSS 0.00379
Exploits: 0 · References: 1
OSV
added 2024/07/26 6:15 a.m. · 2 views

ALPINE-CVE-2024-40897

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

CVSS 6.7 · AI score 7.7 · EPSS 0.00379
Exploits: 0 · References: 1
RedHat Linux
added 2024/07/25 7:26 p.m. · 2 views

mvel: TimeOut error when calling ParseTools.subCompileExpression() function

DISPUTED: A vulnerability was found in the ParseTools.subCompileExpression method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to...

CVSS 5.3 · AI score 5.7 · EPSS 0.00737
Exploits: 1 · References: 5
OSV
added 2024/07/19 11:08 a.m. · 4 views

OESA-2024-1875 ffmpeg security update

FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash. Security Fixes: An integer overflow...

CVSS 8.1 · AI score 8 · EPSS 0.01512
Exploits: 3 · References: 4
OSV
added 2024/07/19 11:08 a.m. · 6 views

OESA-2024-1857 rapidjson security update

RapidJSON is a fast JSON parser/generator for C++. It is inspired by RapidXML. It supports both SAX and DOM style APIs. It is small but complete. It is fast; its performance can be comparable to strlen. It is self-contained. It doesn't depend on external libraries such as BOOST. It is Unicode and memory...

CVSS 7.8 · AI score 7.3 · EPSS 0.00375
Exploits: 0 · References: 2
SUSE CVE
added 2024/07/18 3:05 a.m. · 3 views

SUSE CVE-2022-48860

In the Linux kernel, the following vulnerability has been resolved: ethernet: Fix error handling in xemaclite_of_probe. This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount leak. As the remove function do...

CVSS 5.5 · AI score 6.5 · EPSS 0.00216
Exploits: 0 · References: 11
Cvelist
added 2024/07/16 11:43 a.m. · 43 views

CVE-2022-48787 iwlwifi: fix use-after-free

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free. If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which then in iwlwifi calls...

EPSS 0.00242
Exploits: 0 · References: 7
Zero Day Initiative
added 2024/07/16 12:00 a.m. · 13 views

Parse Server literalizeRegexPart SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Parse Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the literalizeRegexPart function. The issue results from the lack of proper...

CVSS 8.6 · AI score 6.4 · EPSS 0.0103
Exploits: 0 · References: 1
OSV
added 2024/07/12 1:15 p.m. · 0 views

UBUNTU-CVE-2024-40991

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id(). The of_k3_udma_glue_parse_chn_by_id() helper function erroneously invokes "of_node_put()" on the "udmax_np" device-node passed to it, without having incremented its reference count at a...

CVSS 5.5 · AI score 5.7 · EPSS 0.00229
Exploits: 0 · References: 5
OSV
added 2024/07/12 1:15 p.m. · 1 views

UBUNTU-CVE-2024-40971

In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options. In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead t...

CVSS 5.5 · AI score 6.2 · EPSS 0.003
Exploits: 0 · References: 22
Positive Technologies
added 2024/07/12 12:00 a.m. · 3 views

PT-2024-29196 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to the of_k3_udma_glue_parse_chn_by_id helper function in the Linux kernel, which erroneously invokes of_node_put on the udmax_np device-node without having...

AI score 6.3 · EPSS 0.00229
Exploits: 0 · References: 11
Positive Technologies
added 2024/07/12 12:00 a.m. · 2 views

PT-2024-40805 · Git +1 · Gpac

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the functions gf_hevc_parse_nalu_bs, gf_inspect_dump_nalu_internal, and inspect...

AI score 7
Exploits: 0 · References: 2
Microsoft CVE
added 2024/07/12 12:00 a.m. · 3 views

CVE-2024-36481

...

CVSS 5.5 · AI score 5.7 · EPSS 0.00211
Exploits: 0
PyPA
added 2024/07/11 4:15 p.m. · 6 views

PYSEC-2024-86

Wagtail is an open source content management system built on Django. A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedl...

CVSS 6.5 · AI score 6.8 · EPSS 0.0061
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/07/11 1:21 p.m. · 2 views

GHSA-JMP3-39VP-FWG8 Wagtail regular expression denial-of-service via search query parsing

Impact: A bug in Wagtail's parse_query_string would result in it taking a long time to process suitably crafted inputs. When used to parse sufficiently long strings of characters without a space, parse_query_string would take an unexpectedly large amount of time to process, resulting in a denial of...

CVSS 7.1 · AI score 5.4 · EPSS 0.0061
Exploits: 0 · References: 7
OSV
added 2024/07/11 11:33 a.m. · 14 views

SUSE-SU-2024:2407-1 Security update for the Linux Kernel RT (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.15.21-1505001355 fixes several issues. The following security issues were fixed: - CVE-2024-26923: Fixed false-positive lockdep splat for spinlock in unix_gc (bsc#1223683). - CVE-2024-26828: Fixed underflow in parse_server_interfaces (bsc#1223363)...

CVSS 6.7 · AI score 7.1 · EPSS 0.00407
Exploits: 0 · References: 5
SUSE CVE
added 2024/07/11 3:15 a.m. · 3 views

SUSE CVE-2024-38517

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

CVSS 7.8 · AI score 7.1 · EPSS 0.00375
Exploits: 0 · References: 3