10 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: use of a stale path after allocation in ext4extinsertextent As Ojaswin mentioned in the link, in ext4extinsertextent, if the path is reallocated during ext4extcreatenewleaf, we will use a stale path, leading to a...
CVE-2026-4557
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be use...
CVE-2025-68370
In the Linux kernel, CVE-2025-68370 affects the coresight tmc path handling. The fix adds the event handle to the coresight_path so dependent devices can access it (required to retrieve AUX_EVENT per CPU in perf mode). Reproduction example uses perf record -e cs_etm//k -C 0-9, which could trigger...
kernel: ext4: aovid use-after-free in ext4_ext_insert_extent()
In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4extinsertextent As Ojaswin mentioned in Link, in ext4extinsertextent, if the path is reallocated in ext4extcreatenewleaf, we'll use the stale path and cause UAF. Below is a sample trace with dumm...
SUSE CVE-2024-49883
In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4extinsertextent As Ojaswin mentioned in Link, in ext4extinsertextent, if the path is reallocated in ext4extcreatenewleaf, we'll use the stale path and cause UAF. Below is a sample trace with dumm...
SUSE CVE-2024-49881
In the Linux kernel, the following vulnerability has been resolved: ext4: update origpath in ext4findextent In ext4findextent, if the path is not big enough, we free it and set origpath to NULL. But after reallocating and successfully initializing the path, we don't update origpath, in which case...
AZL-51544 CVE-2024-49881 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ext4: update origpath in ext4findextent In ext4findextent, if the path is not big enough, we free it and set origpath to NULL. But after reallocating and successfully initializing the path, we don't update origpath, in which case...
UBUNTU-CVE-2024-49883
In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4extinsertextent As Ojaswin mentioned in Link, in ext4extinsertextent, if the path is reallocated in ext4extcreatenewleaf, we'll use the stale path and cause UAF. Below is a sample trace with dumm...
CVE-2022-27476
A cross-site scripting XSS vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName parameter...
SUSE-SU-2021:0449-1 Security update for perl-File-Path
This update for perl-File-Path fixes the following issues: - Provide File::Path version 2.15 to SLE-12-SP5 jscSLE-17088, jscECO-3050 - CVE-2017-6512: fix a race condition in the File-Path module for Perl...