21762 matches found
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
...
smb: client: fix potential UAF in smb2_is_valid_oplock_break()
...
bpf: Remove tst_run from lwt_seg6local_prog_ops.
...
NASM Netwide Assembler preproc.c parse_smacro_template null pointer dereference
...
f2fs: fix to truncate meta inode pages forcely
...
drm/amd/display: Check null pointers before used
...
drm/amd/display: Wake DMCUB before executing GPINT commands
...
firmware: arm_scmi: Fix double free in SMC transport cleanup path
...
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
...
smb: client: fix UAF in smb2_reconnect_server()
...
net: ravb: Fix missing rtnl lock in suspend/resume path
...
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
...
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
...
net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
...
kvm: s390: Reject memory region operations for ucontrol VMs
...
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).
...
blk-mq: Fix kmemleak in blk_mq_init_allocated_queue
...
btrfs: lock the inode in shared mode before starting fiemap
...
udmabuf: fix memory leak on last export_udmabuf() error path
...
media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
...
drm/amdgpu: Skip do PCI error slot reset during RAS recovery
...
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.
...
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
...
NASM Netwide Assembler outmacho.c macho_no_dead_strip heap-based overflow
...
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
...
btrfs: fix deadlock with fiemap and extent locking
...
drm/amd/display: Do not return negative stream id for array
...
RDMA/hns: Fix soft lockup under heavy CEQE load
...
drm/amd/display: Check dce_hwseq before dereferencing it
...
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.
...
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
...
net: stmmac: Fix accessing freed irq affinity_hint
...
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
...
fs/9p: fix NULL pointer dereference on mkdir
...
scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
...
xsk: Fix race condition in AF_XDP generic RX path
...
btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
...
GNU Binutils ld xmemdup.c xmemdup memory leak
...
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
...
NASM Netwide Assembler preproc.c do_directive use after free
...
Denial of service when trying to parse malformed POST requests in aiohttp
...
Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.
...
Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
...
net: ena: Add validation for completion descriptors consistency
...
Podman: podman missing tls verification
...
drm/sprd: fix potential NULL dereference
...
drm/amd/display: prevent hang on link training fail
...
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.
...
iPXE TLS tls.c tls_new_ciphertext information exposure
...
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
...