Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix for a potential null-ptr-dereference in spusb PhyProbe. spusb PhyProbe will call platformgetresourcebyname, which may fail and return NULL. devmioremap will use usbphy-moon4resmem-start as an input, which m...

AVideo has SSRF Protection Bypass via HTTP Redirect in Image Download Endpoints

Summary isSSRFSafeURL validates URLs against private/reserved IP ranges before fetching, but urlgetcontents follows HTTP redirects without re-validating the redirect target. An attacker can bypass SSRF protection by redirecting from a public URL to an internal target. Root Cause Check-time:...

SUSE CVE-2022-50888

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...

CVE-2022-50888

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...

bus: fsl-mc: Check return value of platform_get_resource()

...

EUVD-2016-3903

Malware in sbrugna...

EUVD-2017-2961

Malware in sbrugna...

SUSE CVE-2022-49756

In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential null-ptr-deref in spusbphyprobe spusbphyprobe will call platformgetresourcebyname that may fail and return NULL. devmioremap will use usbphy-moon4resmem-start as input, which may causes...

CVE-2022-49756 phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe()

In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential null-ptr-deref in spusbphyprobe spusbphyprobe will call platformgetresourcebyname that may fail and return NULL. devmioremap will use usbphy-moon4resmem-start as input, which may causes...

DEBIAN-CVE-2022-49495

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check return value after calling platformgetresourcebyname It will cause null-ptr-deref if platformgetresourcebyname returns NULL, we need check the return value. Patchwork:...

DEBIAN-CVE-2022-49475

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platformgetresourcebyname It will cause null-ptr-deref if platformgetresourcebyname returns NULL, we need check the return value...

UBUNTU-CVE-2022-49475

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-qspi: check return value after calling platformgetresourcebyname It will cause null-ptr-deref if platformgetresourcebyname returns NULL, we need check the return value...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the aspeedvuartprobe function not checking the return value of platformgetresource, which could result in a...

SUSE CVE-2018-10074

The hi3660stubclkprobe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service NULL pointer dereference by triggering a failure of resource retrieval...

Unauthenticated book download and view details

Description A unauthenticated user can download, view the details and resources, and retrieve individual pages of any book in the system without any kind of authorization or authentication verification. \ \ Unauthenticated book operations list: 1 - Download any book via the /api/reader/pdf...

GSD-2022-1003626 drm/msm/hdmi: check return value after calling platform_get_resource_byname()

drm/msm/hdmi: check return value after calling platformgetresourcebyname This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...

CVE-2020-14160

Gotenberg up to version 6.2.1 contains an SSRF in the remote URL to PDF conversion, allowing an attacker to read local files or access intranet resources. Affected component is the PDF conversion endpoint that processes remote URLs. The issue is evidenced across multiple sources (NVD description ...

CVE-2018-10074

The hi3660stubclkprobe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service NULL pointer dereference by triggering a failure of resource retrieval...

Linux kernel hi3660_stub_clk_probe function denial-of-service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A denial of service vulnerability exists in the hi3660stubclkprobe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel. A local user can exploit th...

Null pointer dereference

The hi3660stubclkprobe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service NULL pointer dereference by triggering a failure of resource retrieval...