12 matches found
PT-2026-37177
Name of the Vulnerable Software and Affected Versions Avo versions prior to 3.31.2 Description A broken access control issue exists in the ActionsController due to insecure action lookup logic in the action class function. An authenticated user can execute any Action class that descends from...
Angular has XSS Vulnerability via Unsanitized SVG Script Attributes
A Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. The vulnerability exists because Angular’s internal sanitization schema fails to recognize the href and xlink:href attributes of SVG elements as a Resource URL context. In a standard security model,...
Linux Distros Unpatched Vulnerability : CVE-2024-46850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35setdrr and dcstatedestruct dcstatedestruct nulls th...
SUSE CVE-2024-46850
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn35setdrr is a member of this resource context. If dcstatedestruct is...
SUSE CVE-2024-46851
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn10setdrr is a member of this resource context. If dcstatedestruct is...
UBUNTU-CVE-2024-46850
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn35setdrr is a member of this resource context. If dcstatedestruct is...
CVE-2024-46851 drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn10setdrr is a member of this resource context. If dcstatedestruct is...
CVE-2024-46850 drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35setdrr and dcstatedestruct dcstatedestruct nulls the resource context of the DC state. The pipe context passed to dcn35setdrr is a member of this resource context. If dcstatedestruct is...
CVE-2024-46850
CVE-2024-46850 – Linux kernel drm/amd/display race condition : The issue arises in dcn35_set_drr() when the DC state’s resource context is nulled by dc_state_destruct() while an IRQ path uses the timing generator. The documented root cause is a race where nulling happens after a NULL check, poten...
SUSE CVE-2016-1639
Use-after-free vulnerability in browser/extensions/api/webrtcaudioprivate/webrtcaudioprivateapi.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging...
chromium-browser: use-after-free in WebRTC
Use-after-free vulnerability in browser/extensions/api/webrtcaudioprivate/webrtcaudioprivateapi.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging...
CVE-2016-1639
Removed by vendor...