PT-2025-35970
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A flaw exists in the Linux kernel related to an upper bound check of the tree index in the dbAllocAG function within the JFS filesystem. Specifically, the code does not verify if the...
SUSE CVE-2025-21887
In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up. The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last...
01os (>=0.0.1 <=0.0.13), aeiva (>=0.8.1 <=0.8.2.6) +144 more potentially affected by CVE-2024-8984 via litellm (>=1.0.0 <=1.56.10)
litellm PYPI version =1.0.0, =0.0.1, =0.8.1, =0.14.1a0, =0.0.5, =1.1.2, =0.0.4, =0.1.1, =0.5.0, =1.0.3, =0.2.10, =0.29.0, =0.59.1, =0.1.5, =1.1.1 - aigrok =0.2.1 - aijson-ml =0.1.1 and more Source cves: CVE-2024-8984 Source advisory: SNYK:PYTHON-LITELLM-9511163...
Linux Stale TLB Use-After-Free
Linux stable versions 5.4 and 5.10 suffer from a page use-after-free condition via a stale TLB entry caused by rmap lock not being held during PUD move...
CVE-2025-1942
When String.toUpperCase caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability affects Firefox 136 and Thunderbird 136...
DEBIAN-CVE-2022-49732
In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check. Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to the new tcp_bpf_update_proto() function. I'm guessing that this was...
UBUNTU-CVE-2022-49067
In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == ...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the sock module not properly handling ULP protection checks during psock initialization...
Abseil security vulnerability
Abseil is a general-purpose C++ library open-sourced by Abseil. Abseil has a security vulnerability that stems from a buffer overflow problem caused by the sized constructor, reserve and rehash methods of absl::{flat,node}_hash_{set,map} not imposing an upper limit on their size parameter...
PYSEC-2025-1
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...
DEBIAN-CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...
UBUNTU-CVE-2024-56374
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...
SUSE CVE-2024-53042
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow(). There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [1]. Fix by using...
UBUNTU-CVE-2024-53042
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow(). There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [1]. Fix by using...
The ROI of Security Investments: How Cybersecurity Leaders Prove It
Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn't buy a car without knowing i...
UBUNTU-CVE-2022-49026
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare. In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. But the skb is already free...
TensorFlow segfault in array_ops.upper_bound
...
GHSA-RPFR-3M35-5VX5 Hono CSRF middleware can be bypassed using crafted Content-Type header
Summary: Hono CSRF middleware can be bypassed using crafted Content-Type header. Details: MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case. https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17 As a...
PT-2024-30656 · Hono · Hono
Name of the Vulnerable Software and Affected Versions: Hono versions prior to 4.5.8 Description: The Hono CSRF middleware can be bypassed using a crafted Content-Type header. This is due to the fact that MIME types are case insensitive, but the isRequestedByFormElementRe function only matches...