The gix-transport crate before 0.36.1 for Rust allows command execution via the "gix clone 'ssh://-oProxyCommand=open$IFS" substring. NOTE: this was discovered before CVE-2024-32884, a similar vulnerability (involving a username field) that is more difficult to exploit.
...
PM / devfreq: Check governor before using governor->name
...
Libsoup: double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" ghashtable value
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.4.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
...
eventpoll: don't decrement ep refcount while still holding the ep mutex
...
sunrpc: fix client side handling of tls alerts
...
LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).
...
Tarfile extracts filtered members when errorlevel=0
...
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
...
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
...
Glib: buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar
...
ksmbd: fix null pointer dereference error in generate_encryptionkey
...
Excessive resource consumption in mime/multipart
...
powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
...
net/mlx5e: Remove skb secpath if xfrm state is not found
...
wifi: rtl818x: Kill URBs before clearing tx status queue
...
hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
...
iwlwifi: Add missing check for alloc_ordered_workqueue
...
Tarfile infinite loop during parsing with negative member offset
...
Infinite loop in parsing in go/scanner
...
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
...
AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS)
...
wifi: ath12k: fix memory leak in ath12k_pci_remove()
...
LibTIFF tiffmedian.c get_histogram use after free
...
LibTIFF tiffcrop tiffcrop.c main memory corruption
...
LibTIFF thumbnail.c setrow buffer overflow
...
drm/amdkfd: Don't call mmput from MMU notifier callback
...
Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
...
scsi: core: Fix a use-after-free
...
Large RSA keys can cause high CPU usage in crypto/tls
...
firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)
...
Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
...
bpf: Reject %p% format string in bprintf-like helpers
...
net: phy: Don't register LEDs for genphy
...
GNU Binutils DWARF Section dwarf.c process_debug_info memory leak
...
Grub2: read: integer overflow may lead to out-of-bounds write
...
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
...
usb: net: sierra: check for no status endpoint
...
Improper handling of special tags within script contexts in html/template
...
smb: client: fix use-after-free in cifs_oplock_break
...
tls: always refresh the queue when reading sock
...
GNU Binutils ld ldelfgen.c link_order_scan memory leak
...
wifi: prevent A-MSDU attacks in mesh networks
...
tracing/osnoise: Fix crash in timerlat_dump_stack()
...
comedi: aio_iiro_16: Fix bit shift out of bounds
...
mptcp: make fallback action and fallback decision atomic
...
drm/sched: Increment job count before swapping tail spsc queue
...
comedi: pcl812: Fix bit shift out of bounds
...
io_uring: drop any code related to SCM_RIGHTS
...
iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush
...