An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
...
drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'
...
mm: fix uprobe pte be overwritten when expanding vma
...
drm/amd/display: Ensure array index tg_inst won't be -1
...
virtio-pci: Check if is_avq is NULL
...
wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850
...
drm/amd/display: Check null pointers before multiple uses
...
S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().
...
ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
...
Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
...
drm/amd/display: Skip Recompute DSC Params if no Stream on Link
...
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
...
Reference counting in php_request_shutdown causes Use-After-Free
...
udp: Deal with race between UDP socket address change and rehash
...
net: Fix icmp host relookup triggering ip_rt_bug
...
Arbitrary code injection vulnerability in Keras framework < 2.13
...
exfat: fix double free in delayed_free
...
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
...
sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
...
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
...
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
...
drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'
...
HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
...
f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
...
PCI: imx6: Fix suspend/resume support on i.MX6QDL
...
Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c.
...
smb3: missing lock when picking channel
...
bnxt_en: Mask the bd_cnt field in the TX BD properly
...
nouveau: lock the client object tree.
...
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird < 128.
...
drm/amd/display: Handle dml allocation failure to avoid crash
...
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
...
ax25: fix use-after-free bugs caused by ax25_ds_del_timer
...
arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
...
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime
...
vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache
...
fbdev: efifb: Register sysfs groups through driver core
...
nvme-fabrics: use reserved tag for reg read/write command
...
Unintentional exposure of environment variables to subprocesses in sentry-sdk
...
vhost_task: Handle SIGKILL by flushing work and exiting
...
GNU Bison scan-code.c code_free double free
...
Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference
...
f2fs: don't set RO when shutting down f2fs
...
Undefined Behavior in bounded Crossbeam channel
...
wifi: ath12k: fix kernel crash during resume
...
A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
...
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
...
drm/amd/display: Increase array size of dummy_boolean
...
GNU Bison obprintf.c __obstack_vprintf_internal assertion
...
media: mtk-vcodec: potential null pointer dereference in SCP
...