368558 matches found
CVE-2024-26943
The CVE-2024-26943 issue affects the Linux kernel driver path nouveau/dmem, where kcalloc() could fail and return NULL in nouveau_dmem_evict_chunk(), leading to NULL dereferences when dereferencing src_pfns, dst_pfns, or dma_addrs. The patch adds a __GFP_NOFAIL flag to kcalloc() and switches from...
CVE-2018-16843
CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...
CVE-2021-46989
CVE-2021-46989 — Linux kernel hfsplus truncate corruption. Root cause: in a shrinking truncate that ends in the middle of an extent within the extents overflow file, the logic in hfsplus_file_truncate() leaves a call to hfs_brec_remove() unguarded, potentially removing the last matching extent recor...
CVE-2023-40106
CVE-2023-40106 concerns a BAL bypass in Android’s NotificationManagerService.java (sanitizeSbn) that could allow launching an activity from the background, enabling local privilege escalation without extra privileges or user interaction. Affected component is the background handling path in the A...
CVE-2023-51385
OpenSSH CVE-2023-51385: OS command injection can occur when a username or hostname containing shell metacharacters is used in expansion tokens, e.g., in untrusted repositories. Affected: OpenSSH up to version
CVE-2021-47060
CVE-2021-47060 affects the Linux kernel KVM MMIO coalesced zones. When kvm_io_bus_unregister_dev() fails to allocate memory for a new bus instance, unregister_dev() destroys all devices on the bus except the target, but does not notify the caller, which can lead to a deleted list entry being dere...
CVE-2022-20793
CVE-2022-20793 affects Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 devices. The root cause is insufficient identity verification in the pairing process, allowing an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. A su...
CVE-2023-6247
CVE-2023-6247 affects the OpenVPN 3 Core Library up to version 3.8.3. The root cause is that the PKCS#7 parser did not properly validate the parsed data, which can cause the application to crash (availability impact). The advisory notes an in-scope impact of crashes, with CVSS 3.1 vector indicati...
CVE-2024-9166
CVE-2024-9166 corresponds to an OS command injection in Atelmo/TitanNit devices via the getcommand query. Connected docs identify affected hardware as TitanNit Web Control 2.01 and Atemio 7600, and Atelmo Atemio AM 520 HD devices (TitanNit 2.01 and earlier). The vulnerability allows unauthenticat...
CVE-2024-26622
CVE-2024-26622 affects the Linux kernel’s tomoyo subsystem. The issue is a use-after-free/write-after-free in tomoyo_write_control() when long lines are written. The root cause is that head->write_buf must be fetched after head->io_sem is held; otherwise concurrent write() calls can trigger...
CVE-2021-46978
CVE-2021-46978: Linux kernel KVM nVMX fix for mapping eVMCS after migration. When enlightened VMCS is used and nested state is migrated via vmx_get_nested_state()/vmx_set_nested_state(), evmcs page could not be mapped immediately because evmcs GPA lacked the expected struct kvm_vmx_nested_state_...
CVE-2023-27321
CVE-2023-27321 describes a DoS vulnerability in OPC Foundation UA .NET Standard’s OPC UA ConditionRefresh handling. The flaw allows an attacker to trigger a resource exhaustion condition on affected servers by sending a high volume of ConditionRefresh requests, potentially consuming all server re...
CVE-2021-29921
CVE-2021-29921 affects the ipaddress module in Python, where leading zeros in IPv4 octets are mishandled, potentially bypassing IP-based access controls. The issue is addressed by Python 3.9.5 and later; many advisories (Debian, AlmaLinux, Alpine, etc.) reference updates or security trackers conf...
CVE-2024-0021
CVE-2024-0021 affects Android’s NotificationAccessConfirmationActivity in the work profile. A logic error could let an app enable notification listener services, enabling local elevation of privilege with no extra privileges; exploitation requires user interaction. The issue is documented across ...
CVE-2024-27026
CVE-2024-27026 concerns the Linux kernel vmxnet3 driver. The issue is a missing reserved tailroom in non-dataring paths, corrected by using rbi->len instead of rcd->len for length calculations, which could trigger a driver warning and tailroom problems during XDP processing (as shown by XDP...
CVE-2021-47000
CVE-2021-47000 is confirmed to affect the Linux kernel with a fixed inode leak in the ceph path on getattr error in __fh_to_dentry. The available connected documents provide the concrete fix description, linking the CVE to ceph inode leak resolution in the kernel. Remediation requires deploying k...
CVE-2018-16844
CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...
CVE-2024-26813
The CVE-2024-26813 issue affects the Linux kernel vfio-platform subsystem (SET_IRQS) where loopback IRQ triggering can occur before an eventfd is configured, enabling a NULL dereference. The fix registers all IRQs in a disabled state during device open and ensures trigger changes are serialized w...
CVE-2024-0420
MapPress Maps for WordPress Plugin prior to 2.88.15 is affected by a Stored XSS vulnerability: the map title is not sanitized/escaped when output in the admin dashboard, allowing Contributors and higher roles to inject exploits. Impact details reported across multiple sources (including Red Hat, ...
CVE-2024-42096
CVE-2024-42096 is a Linux kernel vulnerability in the x86 profiling code (profile_pc) used for timer-based profiling. The issue stemmed from the function’s assumptions about stack layout when accounting time spent in spinlocks, which could misattribute time and trigger KASAN warnings. The advisor...
CVE-2021-46992
CVE-2021-46992 affects the Linux kernel netfilter nftables hashtables. The issue arises from storing the number of buckets in 32-bit variables, allowing an overflow in nft_hash_buckets() when large sizes are encountered (sz Brent: 0x40000000 was observed). The syzbot report shows UBSAN: shift-out...
CVE-2024-0018
The vulnerability CVE-2024-0018 affects Android Media Codecs (ColorConverter.cpp) in ColorConverter::convertYUV420Planar16ToY410, where a heap-based out-of-bounds write is possible. This could enable local escalation of privilege with no additional execution privileges and requires no user intera...
CVE-2019-16905
CVE-2019-16905 affects OpenSSH 7.7–7.9 and 8.x prior to 8.1 when built with the experimental XMSS key type. It describes a pre-authentication integer overflow in XMSS key parsing that can cause memory corruption and local code execution. The XMSS implementation is treated as experimental in all r...
CVE-2023-27372
SPIP CVE-2023-27372 is a remote code execution vulnerability present in SPIP versions prior to 4.2.1 due to mishandled serialization in the public area (oubli parameter) used by the password-reset flow. The underlying issue is a deserialization flaw in the Spip code path (ecrire/inc/filtres.php, ...
CVE-2018-10892
CVE-2018-10892: In Docker/Moby, the default OCI Linux spec (oci/defaults_linux.go) from 1.11 to current does not block /proc/acpi pathnames. This allows a container to affect host hardware state (e.g., enabling/disabling Bluetooth, changing keyboard brightness) by targeting /proc/acpi, represent...
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...
CVE-2021-30745
CVE-2021-30745 is marked as rejected, but connected documents describe a local privilege-escalation in Apple macOS QuartzCore. The flaw involves type confusion in the QuartzCore framework that can allow a low-privilege attacker to escalate privileges to the WindowServer context. The ZDI advisory ...
CVE-2024-0023
CVE-2024-0023: In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not needed for exploitation. Connected...
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories, detailing affected packages and required upgrades. Astra Linux/CBL-Mariner entries note: podman (<5.6.1-2) needs upgrade, erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (<...
CVE-2019-6109
OpenSSH 7.9 contains CVE-2019-6109: missing character encoding in the progress display allows a malicious server/MITM to spoof scp client output by crafting object names (refresh_progress_meter in progressmeter.c). The vulnerability can enable spoofing of file transfer output; related issues incl...
CVE-2024-26863
CVE-2024-26863: In the Linux kernel, a vulnerability in the HSR/PRP framing layer allowed an uninitialized value to be accessed when the Ethernet header indicates a PRP/HSR packet but is not followed by an HSR tag. The issue arises in hsr_get_node() and can lead to uninit-value reads as shown by...
CVE-2023-52603
CVE-2023-52603: In the Linux kernel, a UBSAN array-index-out-of-bounds was reported in JFS’s dtSplitRoot (dtree) when the value of fsi drops below -1, causing an out-of-bounds access previously guarded by a check that only handled -1. A patch was added to handle values less than 0, addressing the ro...
CVE-2023-52600
CVE-2023-52600 affects the Linux kernel JFS component. Root cause: a use-after-free in jfs_evict_inode where, if diMount(ipimap) fails, the released ipimap may be accessed in diFreeSpecial() as rcu_core() asynchronously frees it via jfs_free_node(). The fix ensures sbi->ipimap is not initializ...
CVE-2021-1636
Technical details about CVE-2021-1636 are not publicly provided in the supplied documents. Please monitor for updates from official sources for affected products, vulnerable components, impact, and remediation.
CVE-2008-3723
The CVE-2008-3723 entry concerns a directory traversal vulnerability in PHPizabi 0.848b C1 HFP3. The flaw affects index.php where the id parameter in the admin.templates.edittemplate action can be exploited for reading arbitrary files by using patterns like .., a URL, or a full pathname. Affected...
CVE-2022-23092
The CVE-2022-23092 issue affects lib9p’s handling of RWALK messages. A missing bounds check during unpacking can cause a crafted RWALK message to overwrite memory, with the attack path via a malicious bhyve guest kernel potentially affecting the bhyve(8) process and, subject to Capsicum sandboxin...
CVE-2010-5107
CVE-2010-5107 describes a DoS in OpenSSH up to version 6.1 caused by a default connection-limiting behavior that can exhaust unauthenticated SSH slots. Public advisories (F5, CentOS/RHEL, AIX) discuss mitigations such as enabling random early drop via MaxStartups (commonly 10:30:60 or 10:30:100) ...
CVE-2017-15715
CVE-2017-15715 affects Apache HTTP Server 2.4.0–2.4.29. The issue: the expression could treat a trailing '$' as a newline in a malicious filename, bypassing filename-end checks and potentially allowing uploads that would otherwise be blocked. Documents consistently describe this as a bypass vuln...
CVE-2020-36774
The CVE-2020-36774 issue affects GNOME Glade, specifically plugins/gtk+/glade-gtk-box.c. The vulnerability arises from how GladeGtkBox widget rebuilding is handled in Glade before 3.38.1 and in 3.39.x before 3.40.0, which can lead to a denial of service (application crash) due to incorrect widget...
CVE-2024-3863
Technical details about CVE-2024-3863 are not provided in the supplied documents. Public information is limited to the vulnerability description and affected products; monitor for updates from authoritative sources for affected versions, impact, and fixes.
CVE-2024-26626
CVE-2024-26626 affects the Linux kernel and concerns a multicast route handling bug in ip_mr_forward that could cause a kernel panic via a NULL pointer dereference when forwarding multicast packets. The provided stacktrace and code reference ipmr.c:1985 document the root cause in ip_mr_forward, w...
CVE-2021-47033
Technical details about CVE-2021-47033 are not provided in the supplied documents. The initial entry only mentions a Linux kernel fix for mt76/mt7615 DMA unmapping and provides no product/version/patch specifics. Monitor for updates.
CVE-2022-23086
CVE-2022-23086 affects FreeBSD: the mpr/mps/mpt disk controller drivers expose _CFG_PAGE ioctls that allocate a caller-specified buffer size but copy a fixed-size header into it. This can result in heap data being overwritten if the input size is too small, potentially enabling privilege escalati...
CVE-2023-40100
CVE-2023-40100 affects Android via a memory corruption in the discovery_thread of Dns64Configuration.cpp caused by a use-after-free. This can lead to local elevation of privilege with no extra execution privileges required and no user interaction needed, per multiple sources. The vulnerability is...
CVE-2021-1467
CVE-2021-1467 affects Cisco Webex Meetings for Android. The issue stems from improper authorization checks, allowing an authenticated remote actor in the same meeting to modify another user’s avatar by sending a crafted request to the targeted Webex client. Impact is limited to avatar modificatio...
CVE-2024-1553
CVE-2024-1553 affects Mozilla Firefox and Thunderbird (Firefox < 123, ESR < 115.8, Thunderbird
CVE-2023-52887
CVE-2023-52887 affects the Linux kernel’s CAN/J1939 stack. The issue is in net: can: j1939 where RTS messages arriving in quick succession were not handled as clearly as before; the fix replaces WARN_ON_ONCE backtraces with a dedicated error handling path in xtp_rx_rts_session_new, enabling early...
CVE-2023-28531
CVE-2023-28531 affects OpenSSH: ssh-add adds smartcard keys to ssh-agent without the intended per-hop destination constraints. Affected versions run from 8.9 (the earliest affected) up to 9.2.x. The issue is resolved in OpenSSH 9.3 and later. Remediation is upgrading to 9.3+ (or the distro patch...
CVE-2023-52604
CVE-2023-52604 is a Linux kernel vulnerability affecting the JFS subsystem, specifically UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c (dbAdjTree). Public writeups note an out-of-bounds access (index 196694 in an s8[1365] buffer) encountered during Syzkaller fuzzing, leading to a kernel p...
CVE-2024-0032
CVE-2024-0032 affects the Android Framework (FileSystemProvider.java, queryChildDocuments) and enables local escalation of privilege due to improper input validation. Impact is described as Elevation of Privilege with HIGH confidentiality/integrity/availability impact; exploit requires user inter...