21767 matches found
Glibc: GLib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601().
...
ocfs2: validate l_tree_depth to avoid out-of-bounds access
...
spufs: fix a leak on spufs_new_file() failure
...
jfs: add sanity check for agwidth in dbMount
...
ext4: fix off-by-one error in do_split
...
LoongArch: BPF: Fix off-by-one error in build_prologue()
...
HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
...
fs/ntfs3: Prevent integer overflow in hdr_first_de()
...
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
...
cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
...
net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
...
net: openvswitch: fix nested key length validation in the set() action
...
i2c: cros-ec-tunnel: defer probe if parent EC is not present
...
ksmbd: Fix dangling pointer in krb_authenticate
...
virtiofs: add filesystem context source name check
...
RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
...
spufs: fix a leak in spufs_create_context()
...
net: decrease cached dst counters in dst_release
...
net: ibmveth: make veth_pool_store stop hanging
...
net: fix geneve_opt length integer overflow
...
media: streamzap: fix race between device disconnection and urb callback
...
ksmbd: use aead_request_free to match aead_request_alloc
...
spufs: fix gang directory lifetimes
...
netfilter: nf_tables: don't unregister hook when table is dormant
...
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
...
ksmbd: validate zero num_subauth before sub_auth is accessed
...
ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans
...
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
...
Grub2: net: out-of-bounds write in grub_net_search_config_file()
...
In FRRouting (FRR) all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size
...
backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
...
jq has signed integer overflow in jv.c:jvp_array_write
...
Bluetooth: btnxpuart: Fix kernel panic during FW release
...
vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint
...
spi: spi-imx: Add check for spi_imx_setupxfer()
...
net: tls: explicitly disallow disconnect
...
fs/ntfs3: Fix a couple integer overflows on 32bit systems
...
rtnetlink: Allocate vfinfo size for VF GUIDs when supported
...
GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption
...
BCryptGenerateSymmetricKey memory leak
...
nvme-rdma: unquiesce admin_q before destroy it
...
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
...
usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
...
Ansible-core: exposure of sensitive information in ansible vault files due to improper logging
...
Libopensc: incorrect handling length of buffers or files in libopensc
...
btrfs: fix qgroup reserve leaks in cow_file_range
...
Expired Pointer Dereference in Wireshark
...
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
...
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
...
A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
...