Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a memory leak in the device probe...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the addition of a disable/clear MSIX privilege entry on device shutdown to mirror the MSIX entry enabled on...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the GTDT driver unmapping its previously mapped interrupts when driver probing fails due to invalid firmware...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a NULL pointer dereference problem in smb2probe...

CVE-2023-52465 power: supply: Fix null pointer dereference in smb2_probe

In the Linux kernel, the following vulnerability has been resolved: power: supply: Fix null pointer dereference in smb2probe devmkasprintf and devmkzalloc return a pointer to dynamically allocated memory which can be NULL upon failure...

CVE-2024-26605 PCI/ASPM: Fix deadlock when enabling ASPM

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

CVE-2024-26605 PCI/ASPM: Fix deadlock when enabling ASPM

In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep:...

PT-2024-7285 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the nct6775 component of the Linux kernel, which is associated with errors reading beyond the buffer boundaries. This can result in access errors being reported...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a denial of service vulnerability caused by an invalid memory access in the built-in probe. An attacker can exploit the vulnerability to cause the browser to crash...

PT-2024-7718 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the handling of quirks applicable to ACPI-based platforms in the Linux kernel. While refactoring the way the ITSs are probed, the handling of these quirks was...

CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

CVE-2023-6231

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...

Buffer overflow

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...

CVE-2023-6231

CVE-2023-6231 describes a buffer overflow in the WSD probe request handling of Canon Office/MFP and Laser printers (e.g., Satera LBP670C, MF750C, Color imageCLASS LBP674C/LBP1333C, i‑SENSYS LBP673Cdw, MF750C, etc.). Affected firmware v03.07 and earlier allow a network‑segment attacker to cause de...

CVE-2023-6231

Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and...

(Pwn2Own) Canon imageCLASS MF753Cdw Probe message Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF753Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of Probe messages. The issue results from the...

CVE-2023-4554

Improper Restriction of XML External Entity Reference vulnerability in OpenText AppBuilder on Windows, Linux allows Server Side Request Forgery, Probe System Files. AppBuilder's XML processor is vulnerable to XML External Entity Processing XXE, allowing an authenticated user to upload specially...

Input validation

Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. Thi...

Input validation

Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...

CVE-2023-4553

CVE-2023-4553 affects OpenText AppBuilder (versions 21.2 through 23.2). The vulnerability is due to improper input validation, enabling probing of system files. Additionally, AppBuilder configuration files are viewable by unauthenticated users. Impact is described as low confidentiality risk (C) ...