21761 matches found
net: dsa: improve shutdown sequence
...
Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
...
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
...
watchdog: Fix possible use-after-free in wdt_startup()
...
hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
...
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
...
serial: sc16is7xx: fix invalid FIFO access with special register set
...
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
...
hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
...
HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
...
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
...
Insufficient validation in the Drag and Drop API, in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
...
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
...
HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
...
ipv6: Fix signed integer overflow in __ip6_append_data
...
memcg: fix soft lockup in the OOM process
...
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
...
RDMA/hns: Fix UAF for cq async event
...
HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow
...
fs/ntfs3: cancle set bad inode after removing name fails
...
Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
...
RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
...
kprobes: Fix possible use-after-free issue on kprobe registration
...
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
...
dm cache: fix flushing uninitialized delayed_work on cache_ctr error
...
HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
...
drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
...
fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
...
ksmbd: fix slab out of bounds write in smb_inherit_dacl()
...
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
...
padata: Fix pd UAF once and for all
...
cachefiles: Fix NULL pointer dereference in object->file
...
HDF5 H5MM.c H5MM_realloc double free
...
ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
...
usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
...
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
...
zram: fix NULL pointer in comp_algorithm_show()
...
An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
...
HDF5 H5FL.c H5FL__blk_gc_list use after free
...
rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()
...
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
...
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
...
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
...
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
...
btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
...
scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
...
drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing
...
netfilter: nf_tables: fix memleak in map from abort path
...
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
...
Cri-o: pods are able to break out of resource confinement on cgroupv2
...