243 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the spi-mem module not handling the zero virtual byte case, which could result in a divide-by-zero error...
K000151336: Linux kernel vulnerability CVE-2024-25739
Security Advisory Description createemptylvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi-lebsize. CVE-2024-25739 Impact There is no impact; F5 products are not affected by this vulnerability. Securi...
kernel: crash due to a missing check for leb_size
A flaw was found in the Linux kernel. The createemptylvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service...
CVE-2025-2265
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte...
Linux Distros Unpatched Vulnerability : CVE-2015-8948
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-boun...
CVE-2025-27145
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execu...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the drag-drop action on the Web-UI. An attacker can execute arbitrary JavaScript with the same privileges as the user by tricking them into dragging a maliciously-named, zero-byte file into the interface...
Astra Linux – Vulnerability in libvirt
A flaw was discovered in libvirt. A refactoring of the code that retrieves the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case could lead to a NULL pointer being dereferenced, causing the...
The vulnerability of the MongoDB database management system lies in improper handling of zero bytes during BSON data processing. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the MongoDB database management system server is related to improper elimination of zero bytes. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures by sending specially crafted queries...
kernel: crash due to a missing check for leb_size
A flaw was found in the Linux kernel. The createemptylvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service...
The vulnerability of the os.path.normpath() function in the Python interpreter lies in its ability to bypass permission checks when shortening a path by inserting a zero byte. This allows an attacker to compromise the integrity of the protected information.
The vulnerability of the os.path.normpath function in the Python interpreter relates to the handling of permission lists when shortening a path by inserting a zero byte. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity of protected information...
CVE-2020-27840
...
SUSE CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
DEBIAN-CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
UBUNTU-CVE-2024-8235
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
PT-2024-6094
Name of the Vulnerable Software and Affected Versions libvirt affected versions not specified Description A flaw was found in libvirt related to a NULL-pointer dereference. This issue occurs due to a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer, leading to...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer CVE-2022-48627 In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop CVE-2022-49993 In the...
kernel: crash due to a missing check for leb_size
A flaw was found in the Linux kernel. The createemptylvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service...
PT-2024-19836 · Qualcomm · 215 Mobile Platform Firmware +212
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue involves a transient Denial of Service DOS that occurs when importing a PKCS8-encoded RSA key with a modulus containing zero bytes. Recommendations: At the moment, there is no...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 createemptylvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missi...