parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
...
rxrpc: Fix oops due to non-existence of prealloc backlog struct
...
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
...
Command 'go get' may unexpectedly fallback to insecure git in cmd/go
...
vfio/pci: Create persistent INTx handler
...
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
...
dm-bufio: fix sched in atomic context
...
rxrpc: Fix bug due to prealloc collision
...
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
...
wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
...
PCI/ASPM: Fix link state exit during switch upstream function removal
...
rxrpc: Fix recv-recv race of completed call
...
bpf: copy_verifier_state() should copy 'loop_entry' field
...
Panic on large handshake records in crypto/tls
...
HID: core: ensure the allocated report buffer can contain the reserved report ID
...
tracing: Add down_write(trace_event_sem) when adding trace event
...
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service
...
HID: core: do not bypass hid_hw_raw_request
...
Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http
...
HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
...
ksmbd: fix use-after-free in __smb2_lease_break_noti()
...
kasan: remove kasan_find_vm_area() to prevent possible deadlock
...
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
...
Potential iSCSI R2T PDU Vulnerability
...
net/sched: sch_qfq: Fix race condition on qfq_aggregate
...
netfilter: nf_tables: reject duplicate device on updates
...
firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)
...
rseq: Fix segfault on registration when rseq_cs is non-zero
...
bpf: Fix oob access in cgroup local storage
...
net: appletalk: Fix device refcount leak in atrtr_create()
...
firmware: cs_dsp: Fix OOB memory read access in KUnit test
...
Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
...
Incorrect detection of reserved device names on Windows in path/filepath
...
btrfs: fix assertion when building free space tree
...
blk-mq: fix IO hang from sbitmap wakeup race
...
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
...
block: fix race between set_blocksize and read paths
...
hwmon: (corsair-cpro) Validate the size of the received input buffer
...
tracing: Ensure visibility when inserting an element into tracing_map
...
Errors returned from JSON marshaling may break template escaping in html/template
...
ice: add NULL check in eswitch lag check
...
atm: clip: Fix memory leak of struct clip_vcc.
...
netfilter: nf_conntrack: fix crash due to removal of uninitialised entry
...
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
...
ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero).
...
GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
...
Improper handling of empty HTML attributes in html/template
...
In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
...
ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
...
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.
...