21762 matches found
Linux Kernel BlueZ jlink.c jlink_init denial of service
...
spi: Fix null dereference on suspend
...
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
...
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
...
net/sched: flower: Fix chain template offload
...
ksmbd: fix use-after-free in ksmbd_session_rpc_open
...
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
...
WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.
...
ECDSA remote timing attack
...
f2fs: quota: fix to avoid warning in dquot_writeback_dquots()
...
media: mediatek: vcodec: prevent kernel crash when rmmod mtk-vcodec-dec.ko
...
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
...
ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
...
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
...
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
...
riscv: save the SR_SUM status over switches
...
drm/amd/display: Fix disable_otg_wa logic
...
fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
...
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.
...
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.
...
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
...
drm/amdgpu: Fixed bug on error when unloading amdgpu
...
DNSSEC validation may accept broken authentication chains
...
interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
...
powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
...
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks.
...
loop: implement ->free_disk
...
um: work around sched_yield not yielding in time-travel mode
...
GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This led to a use-after-free condition, and could possibly lead to secure boot bypass.
...
net: atlantic: Fix DMA mapping for PTP hwts ring
...
Auth Bypass in Google's Closure-Library
...
GNU Binutils ld libbfd.c bfd_putl64 memory corruption
...
sched: fix warning in sched_setaffinity
...
NASM Netwide Assembler parser.c parse_line stack-based overflow
...
ipvlan: ensure network headers are in skb linear part
...
hwrng: cavium - fix NULL but dereferenced coccicheck error
...
drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
...
The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
...
bonding: check xdp prog when set bond mode
...
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.
...
ceph: fix possible deadlock when holding Fwb to get inline_data
...
jfs: fix null ptr deref in dtInsertEntry
...
KVM: s390: vsie: fix race during shadow creation
...
wifi: ath6kl: remove WARN on bad firmware input
...
SUNRPC: fix a memleak in gss_import_v2_context
...
net: allow small head cache usage with large MAX_SKB_FRAGS values
...
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.
...
thermal: intel: hfi: Add syscore callbacks for system-wide PM
...
cpufreq: CPPC: Add u64 casts to avoid overflowing
...
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
...