An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
...
cifs: fix underflow in parse_server_interfaces()
...
RDMA/mlx5: Fix a WARN during dereg_mr for DM type
...
btrfs: do proper folio cleanup when run_delalloc_nocow() failed
...
Parsing issue in protobuf message-type extension
...
netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
...
An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.
...
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in wh
...
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.
...
Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.
...
smb: client: fix potential UAF in is_valid_oplock_break()
...
ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"
...
drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
...
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
...
bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
...
mm: clear uffd-wp PTE/PMD state on mremap()
...
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
...
Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction
...
If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.
...
Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
...
Missing type checks leading to hash rewind and passing on crafted data
...
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.
...
f2fs: fix to avoid potential panic during recovery
...
drm/amd/display: Fix incorrect size calculation for loop
...
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
...
jfs: add check read-only before txBeginAnon() call
...
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
...
The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."
...
Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
...
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.
...
Cross-site Scripting (XSS)
...
drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
...
strace allows local users to read arbitrary files via memory mapped file names.
...
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
...
Request smuggling in aiohttp
...
HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
...
smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
...
mm, slub: avoid zeroing kmalloc redzone
...
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
...
f2fs: avoid infinite loop to flush node pages
...
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
...
Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.
...
An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
...
Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
...
drm/amd/display: Fix handling of plane refcount
...
drm/xe/xe_devcoredump: Check NULL before assignments
...
bpf: Defer work in bpf_timer_cancel_and_free
...
wifi: ath12k: Fix memory leak due to multiple rx_stats allocation
...
HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow
...
Unsafe deserialization in knplabs/knp-snappy
...