
1059 matches found

CNNVD
added 2022/09/28 12:0 a.m. | 25 views

lighttpd security vulnerability

lighttpd is an open source web server developed by Jan Kneschke in Germany. A security vulnerability exists in lighttpd that originates from a denial-of-service attack that can be triggered via CLOSE_WAIT / CON_STATE_READ_POST...

7.5 CVSS | 7.2 AI score | 0.02737 EPSS
Exploits 4 | References 9
OSV
added 2022/09/17 12:0 a.m. | 8 views

GSD-2022-1005483 gadgetfs: ep_io - wait until IRQ finishes

gadgetfs: ep_io - wait until IRQ finishes. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

7.2 AI score
Exploits 0
Positive Technologies
added 2022/09/16 12:0 a.m. | 1 views

PT-2022-33607 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: The issue allows waiting for commands to complete on a removed device. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

7.5 AI score
Exploits 0 | References 1
ATTACKERKB
added 2022/09/01 9:15 p.m. | 5 views

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations...

4.9 CVSS | 6.5 AI score | 0.00758 EPSS
Exploits 0 | References 3
Positive Technologies
added 2022/09/01 12:0 a.m. | 1 views

PT-2022-18544 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow affected versions not specified Description: A flaw was found in Undertow, allowing denial of service as the Undertow server waits for the LAST CHUNK forever for EJB invocations. Recommendations: At the moment, there is no informatio...

4.9 CVSS | 5.1 AI score | 0.00758 EPSS
Exploits 0 | References 11
OSV
added 2022/06/28 6:34 p.m. | 16 views

GSD-2022-1002986 watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context'

watchdog: rzg2l_wdt: Fix 'BUG: Invalid wait context'. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...

7.2 AI score
Exploits 0
OSV
added 2022/05/16 6:15 p.m. | 2 views

DEBIAN-CVE-2022-1679

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system...

7.8 CVSS | 6.2 AI score | 0.00804 EPSS
Exploits 2 | References 1
CNNVD
added 2022/05/16 12:0 a.m. | 1 views

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a use-after-free flaw found in the Atheros wireless adapter driver, where the user forces the...

7.8 CVSS | 6.5 AI score | 0.00804 EPSS
Exploits 2 | References 45
OSV
added 2022/04/16 11:3 a.m. | 2 views

OESA-2022-1615 bind security update

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...

6.8 CVSS | 7.1 AI score | 0.0325 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2022/04/08 5:15 a.m. | 0 views

CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition...

7 CVSS | 7.1 AI score | 0.00318 EPSS
Exploits 0 | References 4
OSV
added 2022/04/08 5:15 a.m. | 2 views

AZL-9331 CVE-2022-28796 affecting package kernel for versions less than 5.15.37.1-2

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition...

7 CVSS | 7.2 AI score | 0.00318 EPSS
Exploits 0 | References 1
OSV
added 2022/04/08 5:15 a.m. | 0 views

UBUNTU-CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition...

7 CVSS | 7.1 AI score | 0.00318 EPSS
Exploits 0 | References 5
OSV
added 2022/03/23 11:15 a.m. | 5 views

DEBIAN-CVE-2022-0396

BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection...

5.3 CVSS | 6.5 AI score | 0.02617 EPSS
Exploits 0 | References 1
OSV
added 2022/03/23 11:15 a.m. | 3 views

ALPINE-CVE-2022-0396

BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection...

5.3 CVSS | 6.9 AI score | 0.02617 EPSS
Exploits 0 | References 1
CNNVD
added 2022/03/16 12:0 a.m. | 1 views

ISC BIND resource management error vulnerability

ISC BIND is a suite of open source software from ISC Corporation that implements the DNS protocol. A resource management error vulnerability exists in ISC BIND, which stems from the fact that a TCP connection with "keep-response-order" enabled may leave the TCP interface in the "CLOSE_WAIT" state...

5.3 CVSS | 6.8 AI score | 0.02617 EPSS
Exploits 0 | References 23
OSV
added 2022/01/25 8:15 p.m. | 1 views

DEBIAN-CVE-2021-4145

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirror_wait_on_conflicts without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on t...

6.5 CVSS | 6.5 AI score | 0.0039 EPSS
Exploits 0 | References 1
OSV
added 2022/01/25 8:15 p.m. | 4 views

AZL-8347 CVE-2021-4145 affecting package qemu for versions less than 6.2.0-2

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirror_wait_on_conflicts without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on t...

6.5 CVSS | 6.7 AI score | 0.0039 EPSS
Exploits 0 | References 1
CNNVD
added 2022/01/01 12:0 a.m. | 3 views

Wolfssl buffer error vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, USA. A buffer error vulnerability exists in Wolfssl wolfMQTT, which stems from a call to MqttClientDecodePacket from the product's MqttClientHandlePacket and MqttClientWaitTyp...

5.5 CVSS | 6 AI score | 0.00891 EPSS
Exploits 1 | References 4
Kitploit
added 2021/11/24 11:30 a.m. | 48 views

Whoc - A Container Image That Extracts The Underlying Container Runtime

A container image that extracts the underlying container runtime and sends it to a remote server. Poke at the underlying container runtime of your favorite CSP container platform! WhoC at Defcon 29 Cloud Village Azurescape - whoc-powered research, the first cross-account container takeover in the...

8.6 CVSS | 8.7 AI score | 0.9589 EPSS
Exploits 33 | References 2
OSV
added 2021/10/28 1:51 p.m. | 13 views

UVI-2021-1001847 can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()

can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.76 by commit...

7.2 AI score
Exploits 0