68 matches found
CVE-2022-38791
In MariaDB before 10.9.2, compresswrite in extra/mariabackup/dscompress.cc does not release datamutex upon a stream write failure, which allows local users to trigger a deadlock...
kernel: RDMA/rxe: Return CQE error if invalid lkey was supplied
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCALWRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitly wrong lkey. leonro@...
undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability...
undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability...
undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability...
Heap overflow
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...
QPDF 缓冲区错误漏洞
QPDF is a software application. A C++ library and a set of programs that examine and manipulate the structure of PDF files. A security vulnerability exists in QPDF that stems from the presence of a heap-based buffer overflow in QPDF when some downstream write operation fails...
kernel: sg_write function lacks an sg_remove_request call in a certain failure case
A vulnerability was found in sgwrite in drivers/scsi/sg.c in the SCSI generic sg driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid Sgfd sfp pointer at the time of...