EUVD-2024-51800

Malicious code in bioql PyPI...

SUSE CVE-2024-53128

In the Linux kernel, the following vulnerability has been resolved: sched/taskstack: fix objectisonstack for KASAN tagged pointers When CONFIGKASANSWTAGS and CONFIGKASANSTACK are enabled, the objectisonstack function may produce incorrect results due to the presence of tags in the obj pointer,...

CVE-2024-53128

The CVE-2024-53128 issue is in the Linux kernel’s sched/task_stack path: when CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, object_is_on_stack() may yield incorrect results because tagged pointers in the object could differ from the untagged stack pointer. The result can trigger warnin...

CVE-2024-53128 sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers

In the Linux kernel, the following vulnerability has been resolved: sched/taskstack: fix objectisonstack for KASAN tagged pointers When CONFIGKASANSWTAGS and CONFIGKASANSTACK are enabled, the objectisonstack function may produce incorrect results due to the presence of tags in the obj pointer,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the objectisonstack function of the KASAN marker pointer in the sched/taskstack module that may produce incorrec...

CVE-2018-17901

LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process...

Code injection

LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process...

CVE-2018-17901

LAquis SCADA Versions 4.1.0.3870 and prior, when processing project files the application fails to sanitize user input prior to performing write operations on a stack object, which may allow an attacker to execute code under the current process...

CVE-2018-14800

Delta Electronics ISPSoft version 3.0.5 and prior allow an attacker, by opening a crafted file, to cause the application to read past the boundary allocated to a stack object, which could allow execution of code under the context of the application...

kernel: Information leak in Linux sound module in timer.c

A vulnerability was found in Linux kernel. There is an information leak in file "sound/core/timer.c" of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copytouser, resulting a...

Linux kernel sound module information disclosure vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the sound module of the Linux kernel, which stems from a program's failure to initialize the padding bytes in the 'tread' sta...

Linux kernel rtnetlink information disclosure vulnerability

Linux kernel is an open source operating system. Linux kernel's rtnetlink fails to initialize padding bytes in the 'map' stack object, allowing a local attacker to exploit the vulnerability to obtain kernel information...

Linux kernel devio information disclosure vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the Linux kernel's devio, which stems from a program's failure to initialize the padding bytes in the 'map' stack object. An...

Linux kernel information disclosure vulnerability (CNVD-2016-02915)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. An information disclosure vulnerability exists in the llc module of the Linux kernel, which stems from a program's failure to initialize the padding bytes in the 'info' stack...