17 matches found
CVE-2025-13350
Ubuntu Linux 6.8 GA retains the legacy AFUNIX garbage collector but backports upstream commit 8594d9b85c07 "afunix: Don’t call skbget for OOB skb". When orphaned MSGOOB sockets hit unixgc, the garbage collector still calls kfreeskb as if OOB SKBs held two references; on Ubuntu Linux 6.8 Noble...
CVE-2024-46736
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2renamepath If smb2setpathattr is called with a valid @cfile and returned -EINVAL, we need to call cifsgetwritablepath again as the reference of @cfile was already dropped by previous...
qt5-qtquickcontrols bug fix and enhancement update
An update is available for qt5-qtquickcontrols. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rock...
CVE-2022-29502
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges...
CVE-2021-41089
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem,...
CVE-2021-3598
There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability...
CVE-2010-4532
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks...
CVE-2019-14528
GnuCOBOL 2.2 has a heap-based buffer overflow in readliteral in cobc/scanner.l via crafted COBOL source code...
CVE-2018-14938
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handleprism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle80211, which will result in an out-of-bounds...
CVE-2018-9144
In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure...
CVE-2018-7725
An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzipdiskfread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service...
CVE-2017-7975
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2buildhuffmantable function in jbig2huffman.c during operations on a crafted JBIG2 file, leading to a denial of service application crash or possibly execution of arbitrary code...
graphite2 security, bug fix, and enhancement update
1.3.6-1 - Related: rhbz1309052 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 1.3.5-1 - Resolves: rhbz1309052 CVE-2016-1521 CVE-2016-1522 CVE-2016-1523 CVE-2016-1526 1.2.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora24MassRebuild 1.2.4-5 - Rebuilt for...
CVE-2015-1280
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data...
kernel security and bug fix update
kernel 2.6.18-406.0.0.0.1 - netfront fix ring buffer index go back led vif stop orabug 18272251 - net fix tcptrimhead James Li orabug 14512145, 19219078 - ocfs2: dlm: fix recovery hung Junxiao Bi orabug 13956772 - i386: fix MTRR code Zhenzhong Duan orabug 15862649 - oprofile x86, mm: Add...
kernel security and bug fix update
kernel 2.6.18-308.13.1.el5 - net e1000e: Cleanup logic in e1000checkforserdeslink82571 Dean Nelson 841370 771366 - net e1000e: Correct link check logic for 82571 serdes Dean Nelson 841370 771366 - mm NULL pointer dereference in vmenoughmemory Jerome Marchand 840077 836244 - fs dlm: fix slow rsb...
CVE-2012-2133
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service system crash or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of...