6049 matches found
CVE-2022-48734
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. However, this wait can be infinite and results in deadlock because...
UBUNTU-CVE-2022-48770
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL ptregs in bpfgettaskstack taskptregs can return NULL on powerpc for kernel threads. This is then used in bpfgetstack to check for user mode, resulting in a kernel oops. Guard against this by...
CVE-2022-48734 btrfs: fix deadlock between quota disable and qgroup rescan worker
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. However, this wait can be infinite and results in deadlock because...
CVE-2021-47582
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make doproccontrol and doprocbulk killable The USBDEVFSCONTROL and USBDEVFSBULK ioctls invoke usbstartwaiturb, which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large...
DEBIAN-CVE-2021-47577
In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker taskwork We check IOWQBITEXIT before attempting to create a new worker, and wq exit cancels pending work if we have any. But it's possible to have a race between the two, where...
CVE-2021-47576
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...
UBUNTU-CVE-2021-47577
In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker taskwork We check IOWQBITEXIT before attempting to create a new worker, and wq exit cancels pending work if we have any. But it's possible to have a race between the two, where...
CVE-2021-47576 scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
In the Linux kernel, the following vulnerability has been resolved: scsi: scsidebug: Sanity check block descriptor length in respmodeselect In respmodeselect sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in respmodeselect+0xa4c/0xb40 drivers/scsi/scsidebug.c:2509...
CVE-2024-38544
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxecompqueuepkt In rxecompqueuepkt an incoming response packet skb is enqueued to the resppkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb ...
CVE-2024-38578
In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 byte...
CVE-2024-38544
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxecompqueuepkt In rxecompqueuepkt an incoming response packet skb is enqueued to the resppkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb ...
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix peer devlink set for SF representor devlink port The cited patch change register devlink flow, and neglect to reflect the changes for peer devlink set logic. Peer devlink set is triggering a call trace if done after...
CVE-2024-38544 RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxecompqueuepkt In rxecompqueuepkt an incoming response packet skb is enqueued to the resppkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb ...
CVE-2024-38544
CVE-2024-38544 relates to a Linux kernel vulnerability in RDMA/rxe where a segfault could occur in rxe_comp_queue_pkt. The root cause was dereferencing a previously freed skb because the code accessed hw counters after enqueuing, and the completion task might run in another thread. The fix change...
The vulnerability in the Web application for managing educational processes, SourceCodester School Task Manager, arises from the failure to protect the SQL query structure. This allows attackers to gain unauthorized access to the application’s database.
The vulnerability of the Web-based School Process Management Application SourceCodester School Task Manager is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to the...
PT-2024-22648 · Dell · Dell Scg
Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API. This could allow a remote low privileged attacker to execute certain...
CVE-2021-47309
A vulnerability was found in the Linux kernel's networking component, where the skbtunnelinfo function can return unvalidated data. This issue arises because the function does not check the type of lwtstate-data before using it, which could lead to accessing incompatible data types and cause memo...
CVE-2024-22261
SQL-Injection in Harbor allows priviledge users to leak the task IDs...
CVE-2024-22261
SQL-Injection in Harbor allows priviledge users to leak the task IDs...
CVE-2024-22261 SQL Injection in Harbor scan log API
SQL-Injection in Harbor allows priviledge users to leak the task IDs...