CVE-2024-36899 gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpiochrdevrelease, watchedlines is freed by bitmapfree, but the...

CVE-2024-36899 gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpiochrdevrelease, watchedlines is freed by bitmapfree, but the...

Exploit for Use After Free in Linux Linux_Kernel

CVE-2024-1086 Universal local privilege escalation Proof-of-C...

CVE-2021-47010 net: Only allow init netns to set default tcp cong to a restricted algo

In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcpsetdefaultcongestioncontrol is netns-safe in that it writes to &net-ipv4.tcpcongestioncontrol, but it also sets ca-flags |= TCPCONGNONRESTRICTED which is...

PT-2024-20455 · Vyper · Vyper

Name of the Vulnerable Software and Affected Versions: Vyper versions prior to 0.4.0 Description: The issue arises when using the built-in extract32b, start function in Vyper, a pythonic Smart Contract Language for the Ethereum virtual machine. If the start index provided has a side effect that...

CVE-2023-41881 Deleting a collaboration should also delete linked resources

vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources such as tasks from that collaboration should be deleted. This is partly to manage data properly, but also to prevent a potential but unlikely side-effect that affects versions...

CVE-2022-2522

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061...

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

CVE-2020-12954

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification...

CVE-2021-38604

In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

CVE-2021-38604

In librt in the GNU C Library aka glibc through 2.34, sysdeps/unix/sysv/linux/mqnotify.c mishandles certain NOTIFYREMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix...

infinispan-server-rest: Actions with effects should not be permitted via GET requests using REST API

A flaw was found in infinispan-server-rest version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a Cross-site request forgery CSRF attack...

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

Google Chrome 80 JSCreate Side-Effect Type Confusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 80 JSCreate side-effect type confusion exploit', 'Description' = %q This module exploits an issue in Google Chrome 80.0.3987.87 64...

Google Chrome 80 JSCreate side-effect type confusion exploit

This module exploits an issue in Google Chrome 80.0.3987.87 64 bit. The exploit corrupts the length of a float array floatrel, which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array uint64aarw which is used for...

Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write

!-- Since commit https://chromium.googlesource.com/v8/v8.git/+/c22bb466d8934685d897708119543d099b9d2a9a turbofan supports inlining calls to array.includes and array.indexOf. The logic of the function is roughly: 1. Check the set of possible Maps of the array type with...

UBUNTU-CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

HackerOne: Improper UUID validation results in bypass of #419896

This was found while evaluating the vulnerability and patch identified in 419896. I determined the deployed patch to be effective. However, I noticed tracer values could be sent which didn't conform to the UUID specification as characters outside of the a-f and 0-9 ranges could be used. For...

F5 Networks BIG-IP : Linux kernel SCTP vulnerabilities (K15910)

CVE-2014-3673 The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to net/sctp/smmakechunk.c and net/sctp/smstatefuns.c. CVE-2014-3687 The sctpassoclookupasconfack function in...