1270 matches found
CVE-2021-47286
CVE-2021-47286 affects the Linux kernel MHI bus core. The issue arises when processing command completions: the channel ID read from the device event ring can be any value 0–255, risking out-of-bounds accesses. The fix adds a bounds check against the controller’s maximum channels and against chan...
SUSE CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in createvalidatestreamforsink WHY & HOW This is to check connector type to avoid unhandled null pointer for writeback connectors...
SUSE CVE-2024-36008
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...
AZL-42166 CVE-2024-36008 affecting package kernel for versions less than 6.6.35.1-4
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...
AZL-42243 CVE-2024-36008 affecting package kernel for versions less than 5.15.158.1-1
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in iprouteusehint syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears the bug exists in latest trees. All calls to indevgetrcu must be checked for a NULL result. 1...
DEBIAN-CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in createvalidatestreamforsink WHY & HOW This is to check connector type to avoid unhandled null pointer for writeback connectors...
UBUNTU-CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in createvalidatestreamforsink WHY & HOW This is to check connector type to avoid unhandled null pointer for writeback connectors...
DEBIAN-CVE-2024-26952
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to -Buffer offset to...
CVE-2024-27016 netfilter: flowtable: validate pppoe header
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
The vulnerability of the CompiledRule::validateExpression method (/api/v1/policies/validation/condition/) of the OpenMetadata metadata management platform allows a violator to execute arbitrary code.
The vulnerability of the CompiledRule::validateExpression /api/v1/policies/validation/condition/ method of the OpenMetadata platform is related to improper code generation management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
GHSA-7VF4-X5M2-R6GR OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
SpEL Injection in PUT /api/v1/policies GHSL-2023-252 Please note, only authenticated users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability CompiledRule::validateExpression is also called from...
CVE-2024-26922 drm/amdgpu: validate the parameters of bo mapping operations more clearly
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpuvmbomap/replacemap/clearingmappings in one common place...
VulnCheck KEV: CVE-2024-28253
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...
VulnCheck KEV: CVE-2024-28254
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The AlertUtil::validateExpression method evaluates an SpEL expression using getValue which by default uses the...
The vulnerability of the bson_utf8_validate() function in the MongoDB C-Driver’s database management system allows a attacker to cause a service failure.
The vulnerability of the bsonutf8validate function in the MongoDB C-Driver database management system driver is related to a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures...
SUSE CVE-2024-3116
pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...
GHSA-27JX-FFW8-XRQV pgAdmin Remote Code Execution (RCE) vulnerability
pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...
pgAdmin Remote Code Execution (RCE) vulnerability
pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...
CVE-2024-3116
pgAdmin = 8.4 is affected by a Remote Code Execution RCE vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting PGAdmin, posing a severe risk to the database management system's integrity and the security of the...
CVE-2024-3116
CVE-2024-3116 affects pgAdmin