1179 matches found
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from xfrm not removing intermediate secpath entries in package uninstall mode...
DEBIAN-CVE-2022-49627
In the Linux kernel, the following vulnerability has been resolved: ima: Fix potential memory leak in ima_init_crypto. On failure to allocate the SHA1 tfm, IMA fails to initialize and exits without freeing the ima_algo_array. Add the missing kfree for ima_algo_array to avoid the potential memory leak...
UBUNTU-CVE-2025-1009
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2024-38764
Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery. This issue affects i-transform: from n/a through 3.0.9...
CVE-2024-38764
CVE-2024-38764 affects WordPress i-transform theme (≤3.0.9). The connected records confirm a CSRF vulnerability tied to the i-transform theme, with the CVE description stating cross-site request forgery is possible. Public materials list the affected component and indicate a CSRF risk, but the so...
CVE-2024-38764 WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery. This issue affects i-transform: from n/a through 3.0.9...
WordPress plugin i-transform cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site reques...
AZL-54735 CVE-2024-56647 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug. arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm...
PT-2024-36956
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc6-00077-g2e1b3cc9d7f7. Description: A vulnerability in the Linux kernel has been resolved, which could trigger an ip_rt_bug when an arp link failure occurs while xfrm is enabled. The issue arises from the...
CVE-2023-39176
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...
DEBIAN-CVE-2023-39176
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...
CVE-2023-39176 Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...
CVE-2023-39176
CVE-2023-39176 concerns the ksmbd kernel module in Linux, where parsing of SMB2 transform-header requests allows reading past the end of an allocated buffer. This results in information disclosure on affected systems with ksmbd enabled. Public sources in the connected documents consistently descr...
Malicious code in babel-plugin-transform-vuex-analysis (npm)
Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10695 Malicious code in babel-plugin-transform-vuex-analysis (npm)
Source: ghsa-malware 661cbd3eaaae7ee5bb113192279e6ba2e72c5c5363fe668209893a70debd3248 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora 37 : bash (2022-bf387ff344)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-bf387ff344 advisory. Add a null check in parameter_brace_transform function. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
PT-2024-40615 · Git +1 · Libultrahdr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash involves the following functions: convsamp, forward_DCT, and compress_data. No informati...
UBUNTU-CVE-2024-49953
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete twice. The km.state is not checked in driver's delayed work. When xfrm_state_check_expire is called, the state can be reset to XFRM_STATE_EXPIRED, even if it is XFRM_STATE_DEAD...
MAL-2024-9771 Malicious code in plugin-transform-unicode-sets-regex (npm)
MAL-2024-9770 Malicious code in plugin-transform-unicode-property-regex (npm)