jq 安全漏洞

jq is a lightweight and flexible command-line JSON processor developed by jqlang. Jq versions 1.8.1 and earlier have security vulnerabilities; these vulnerabilities stem from unbounded recursion in jvobjectmergerecursive. This recursion allows malicious programs to cause program crashes with...

CVE-2024-56768

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfgetsmpprocessorid on !CONFIGSMP On x86-64 calling bpfgetsmpprocessorid in a kernel with CONFIGSMP disabled can trigger the following bug, as pcpuhot is unavailable: 8.471774 BUG: unable to handle page fault for addres...

DEBIAN-CVE-2024-42251

In the Linux kernel, the following vulnerability has been resolved: mm: pageref: remove foliotrygetrcu The below bug was reported on a non-SMP kernel: 275.267158 T4335 ------------ cut here ------------ 275.267949 T4335 kernel BUG at include/linux/pageref.h:275! 275.268526 T4335 invalid opcode:...

Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)

The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote...

CVE-2012-2934

CVE-2012-2934 affects Xen 4.0/4.1 when a 64‑bit PV guest runs on older AMD CPUs; Xen fails to detect AMD Erratum #121, allowing a local unprivileged guest to cause a host hang (crash) via non‑canonical address handling. Debians/Red Hat advisories note mitigations: upgrade Xen to fixed releases (e...

AMD K6 Processor - Denial of Service

source: https://www.securityfocus.com/bid/105/info A bug in Advance Micro Devices K6 processor allows non-privileged code to crash the machine. Under Linux 2.1.x a bug stops this vulnerability. $ cat a.s .text .align 4096 / r1 / .globl start start: movl start, %edi / S1 / cmpb 0x80000000%edi,%dl ...