22107 matches found
HID: wacom: fix when get product name maybe null pointer
...
net/smc: fix LGR and link use-after-free issue
...
gpio: grgpio: Add NULL check in grgpio_probe
...
net: inet: do not leave a dangling sk pointer in inet_create()
...
leds: class: Protect brightness_show() with led_cdev->led_access mutex
...
af_packet: avoid erroring out after sock_init_data() in packet_create()
...
ftrace: Fix regression with module command in stack_trace_filter
...
tcp: Fix use-after-free of nreq in reqsk_timer_handler().
...
EDAC/bluefield: Fix potential integer overflow
...
net: inet6: do not leave a dangling sk pointer in inet6_create()
...
media: imx-jpeg: Ensure power suppliers be suspended before detach them
...
svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
...
Virtual environment (venv) activation scripts don't quote paths
...
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
...
iommu/arm-smmu: Defer probe of clients after smmu device bound
...
hfsplus: don't query the device logical block size multiple times
...
jfs: array-index-out-of-bounds fix in dtReadFirst
...
jfs: fix array-index-out-of-bounds in jfs_readdir
...
scsi: qla2xxx: Fix use after free on unload
...
xsk: fix OOB map writes when deleting elements
...
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
...
ALSA: 6fire: Release resources at card release
...
ionic: Fix netdev notifier unregister on failure
...
acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
...
net: hsr: avoid potential out-of-bound access in fill_frame_info()
...
bpf: fix OOB devmap writes when deleting elements
...
CVE-2024-50051
...
CVE-2024-40982
...
Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1914 Out of bounds read in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1923 Inappropriate Implementation in Permission Prompts
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1922 Inappropriate Implementation in Selection
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1921 Inappropriate Implementation in Media Stream
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1919 Out of bounds read in Media
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1918 Out of bounds read in PDFium
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-1916 Use after free in Profiles
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Microsoft Edge (Chromium-based) Spoofing Vulnerability
The UI performs the wrong action in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos
...
Go JOSE's Parsing Vulnerable to Denial of Service
...
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
...
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
...
SSH SFTP packet size not verified properly in Erlang OTP
...
Openssh: denial-of-service in openssh
...
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.
...
heap-use-after-free in function str_to_reg in vim/vim
...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
...
pam_cap: Fix potential configuration parsing error
...