21762 matches found
arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
...
Path traversal via Clean on Windows in path/filepath
...
Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
...
drm/msm/dpu: Add mutex lock in control vblank irq
...
net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
...
smb: client: fix potential UAF in smb2_is_valid_lease_break()
...
Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability
...
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.
...
of: module: add buffer overflow check in of_modalias()
...
x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
...
md/raid1,raid10: don't ignore IO flags
...
fbdev: hyperv_fb: Allow graceful removal of framebuffer
...
In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.
...
Libssh: write beyond bounds in binary to base64 conversion functions
...
An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
...
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.
...
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.
...
accel/ivpu: Fix locking order in ivpu_job_submit
...
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
...
net: fix NULL pointer dereference in l3mdev_l3_rcv
...
iavf: get rid of the crit lock
...
scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
...
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
...
f2fs: fix potential deadloop in prepare_compress_overwrite()
...
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
...
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
...
drm/admgpu: fix dereferencing null pointer context
...
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
...
serial: sc16is7xx: fix TX fifo corruption
...
Das U-Boot 2022.01 has a Buffer Overflow.
...
scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
...
fs/ntfs3: Fixed overflow check in mi_enum_attr()
...
btrfs: fix deadlock between concurrent dio writes when low on free data space
...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
...
If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107.
...
A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.
...
Apache Subversion: Command line argument injection on Windows platforms
...
drm/xe: Fix potential integer overflow in page size calculation
...
drm/amdgpu: fix use-after-free during gpu recovery
...
drm/amdgpu/pm: fix the null pointer while the smu is disabled
...
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
...
The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.
...
drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
...
drm/amd/display: Check stream_status before it is used
...
f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
...
An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.
...
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
...
Possible SSRF and Credential Leakage via Absolute URL in axios Requests
...
VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.
...
btrfs: don't readahead the relocation inode on RST
...