21762 matches found
gpiolib: cdev: Fix use after free in lineinfo_changed_notify
...
io_uring: fix possible deadlock in io_register_iowq_max_workers()
...
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
...
btrfs: do not BUG_ON() when freeing tree block after error
...
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
...
reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
...
HPACK table poisoning in gRPC C++, Python & Ruby
...
Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
...
gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
...
gpio: prevent potential speculation leaks in gpio_device_get_desc()
...
Integer overflow in CipherUpdate
...
drm/amd/display: Check link_index before accessing dc->links[]
...
nvme: apple: fix device reference counting
...
bpf: Use raw_spinlock_t in ringbuf
...
An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
...
btrfs: check folio mapping after unlock in relocate_one_folio()
...
staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
...
wifi: wfx: fix memory leak when starting AP
...
x86/fred: Clear WFE in missing-ENDBRANCH #CPs
...
Malformed DNS message can cause infinite loop in net
...
netfilter: allow exp not to be removed in nf_ct_find_expectation
...
btrfs: do not clean up repair bio if submit fails
...
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
...
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
...
net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue
...
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
...
Cri-o: /etc/passwd tampering privesc
...
decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.
...
jfs: fix array-index-out-of-bounds read in add_missing_indices
...
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
...
Cache poisoning via the ECS-enabled Rebirthday Attack
...
s390/pkey: Wipe copies of clear-key structures on failure
...
phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
...
Glib: glib crash after long command line
...
smb: client: fix use-after-free bug in cifs_debug_data_proc_show()
...
Denial of service due to improper 100-continue handling in net/http
...
sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
...
drm/amd/display: Check null pointer before try to access it
...
drm/amd/display: Add NULL pointer check for kzalloc
...
Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability
...
Vitess vulnerable to infinite memory consumption and vtgate crash
...
net: hns3: don't auto enable misc vector
...
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
...
ax25: rcu protect dev->ax25_ptr
...
wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
...
Arbitrary code execution during build on Darwin in cmd/go
...
drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer
...
drm/amd/display: Check null-initialized variables
...
smb: client: fix potential UAF in cifs_debug_files_proc_show()
...
drm/amd/display: Disable idle reallow as part of command/gpint execution
...