21761 matches found
Grub2: commands/extcmd: missing check for failed allocation
...
Bluetooth: hci_core: Fix use-after-free in vhci_flush()
...
jqlang jq JSON jq_test.c run_jq_tests assertion
...
libp2p nodes vulnerable to attack using large RSA keys
...
sfc: fix NULL dereferences in ef100_process_design_param()
...
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
...
Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
...
Denial of service via chunk extensions in net/http
...
HDF5 H5FL.c H5FL__reg_gc_list use after free
...
Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
...
objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
...
Libopensc: heap buffer overflow in openpgp driver when generating key
...
net: appletalk: Fix use-after-free in AARP proxy probe
...
LibTIFF tiffcrop tiffcrop.c readSeparateStripsetoBuffer stack-based overflow
...
ksmbd: fix null pointer dereference in alloc_preauth_hash()
...
drm/msm: Fix a fence leak in submit error path
...
bnxt: properly flush XDP redirect lists
...
Grub2: grub-core/gettext: integer overflow leads to heap oob write and read.
...
tls: handle data disappearing from under the TLS ULP
...
Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
...
HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow
...
tipc: Fix use-after-free in tipc_conn_close().
...
: null pointer dereference in libssh kex session id calculation
...
The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
...
net/mlx5: Check device memory pointer before usage
...
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
...
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
...
HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow
...
xfrm: interface: fix use-after-free after changing collect_md xfrm interface
...
drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
...
Improper handling of HTML-like comments in script contexts in html/template
...
smb: client: fix potential deadlock when releasing mids
...
Libarchive: reading past eof may be triggered for piped file streams
...
wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
...
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
...
HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference
...
wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band
...
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
...
Grub2: ufs: integer overflow may lead to heap based out-of-bounds write when handling symlinks
...
power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
...
nbd: fix uaf in nbd_genl_connect() error path
...
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
...
bpf: Disable migration in nf_hook_run_bpf().
...
maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate()
...
Libsoup: denial of service attack to websocket server
...
cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value
...
PCI: pnv_php: Clean up allocated IRQs on unplug
...
block: fix integer overflow in BLKSECDISCARD
...
9p: add missing locking around taking dentry fid list
...
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
...