21762 matches found
In an out-of-memory scenario, an allocation could fail but free would have been called on the pointer afterwards, leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
...
ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.
...
clk: mediatek: Fix memory leaks on probe
...
drm/amd/display: Guard Possible Null Pointer Dereference
...
Unsanitized NUL in environment variables on Windows in syscall and os/exec
...
Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.
...
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
...
ublk: fix handling recovery & reissue in ublk_abort_queue()
...
thermal: core: Reference count the zone in thermal_zone_get_by_id()
...
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
...
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
...
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
...
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.
...
wifi: cfg80211: Set correct chandef when starting CAC
...
mm/vmscan: don't try to reclaim hwpoison folio
...
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
...
wifi: ath11k: fix RCU stall while reaping monitor destination ring
...
drm/amdgpu: add list empty check to avoid null pointer issue
...
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
...
smb: client: fix use-after-free in smb2_query_info_compound()
...
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
...
drm/amd/display: Add a dc_state NULL check in dc_state_release
...
Elasticsearch Uncontrolled Resource Consumption vulnerability
...
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
...
drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
...
A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function.
...
Buildah: buildah allows arbitrary directory mount
...
md: Don't ignore suspended array in md_check_recovery()
...
Libsoup: cookie domain validation bypass via uppercase characters in libsoup
...
ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
...
wifi: rtw89: avoid to add interface to list twice when SER
...
drm/amd/display: Avoid overflow from uint32_t to uint8_t
...
Bluetooth: msft: fix slab-use-after-free in msft_do_close()
...
An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow.
...
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
...
An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
...
x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
...
spmi: mediatek: Fix UAF on device remove
...
virtiofs: use pages instead of pointer for kernel direct IO
...
rv: Use strings in da monitors tracepoints
...
Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.
...
drm/amd/display: Adding array index check to prevent memory corruption
...
S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().
...
ibmvnic: Add tx check to prevent skb leak
...
Default mimetype known files writeable on Windows
...
md: Don't ignore read-only array in md_check_recovery()
...
s390/mm: Fix in_atomic() handling in do_secure_storage_access()
...
Use after free in Wasmtime
...
reiserfs: Avoid touching renamed directory if parent does not change
...
wifi: ath12k: Avoid memory leak while enabling statistics
...