Exploit for OS Command Injection in PHP
Orange Tsai 🍊 This vulnerability was found by Orange Tsai @oran...
SUSE CVE-2022-0998
An integer overflow flaw was found in the Linux kernel's virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system...
GHSA-8HQG-WHRW-PV92 Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring...
PT-2024-32208
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the Linux kernel, specifically in the drm/amd/display component. A NULL check has been added at the start of the dc_validate_stream function to prevent invalid...
AZL-42234 CVE-2023-52827 affecting package kernel for versions less than 5.15.158.2-1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats(). len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read i...
UBUNTU-CVE-2023-52827
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats(). len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read i...
CVE-2021-47309
In the Linux kernel, the following vulnerability has been resolved: net: validate lwtstate->data before returning from skb_tunnel_info(). skb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info type without validation. lwtstate->data can have various types such as mpls_iptunnel_encap, etc and these...
CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions. MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
CVE-2021-47286 bus: mhi: core: Validate channel ID when processing command completions
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions. MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
CVE-2021-47286
CVE-2021-47286 affects the Linux kernel MHI bus core. The issue arises when processing command completions: the channel ID read from the device event ring can be any value 0–255, risking out-of-bounds accesses. The fix adds a bounds check against the controller’s maximum channels and against chan...
SUSE CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink. WHY & HOW: This is to check connector type to avoid unhandled null pointer for writeback connectors...
SUSE CVE-2024-36008
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint(). syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1]...
AZL-42166 CVE-2024-36008 affecting package kernel for versions less than 6.6.35.1-4
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint(). syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1]...
AZL-42243 CVE-2024-36008 affecting package kernel for versions less than 5.15.158.1-1
In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint(). syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1]...
DEBIAN-CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink. WHY & HOW: This is to check connector type to avoid unhandled null pointer for writeback connectors...
UBUNTU-CVE-2023-52695
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink. WHY & HOW: This is to check connector type to avoid unhandled null pointer for writeback connectors...
DEBIAN-CVE-2024-26952
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential out-of-bounds when buffer offset is invalid. I found potential out-of-bounds when buffer offset fields of a few requests are invalid. This patch sets the minimum value of buffer offset field to ->Buffer offset to...
CVE-2024-27016 netfilter: flowtable: validate pppoe header
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header. Ensure there is sufficient room to access the protocol field of the PPPoE header. Validate it once before the flowtable lookup, then use a helper function to access protocol field...
A vulnerability in the CompiledRule::validateExpression method (/api/v1/policies/validation/condition/) of the OpenMetadata metadata management platform allows an attacker to execute arbitrary code.
The vulnerability in the CompiledRule::validateExpression method (/api/v1/policies/validation/condition/) of the OpenMetadata platform is related to improper code generation management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
GHSA-7VF4-X5M2-R6GR OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
SpEL Injection in PUT /api/v1/policies (GHSL-2023-252). Please note, only authenticated users have access to PUT / POST APIs for /api/v1/policies. Non-authenticated users will not be able to access these APIs to exploit the vulnerability. CompiledRule::validateExpression is also called from...