22107 matches found
vt: fix unicode buffer corruption when deleting characters
...
Bluetooth: btusb: mediatek: Fix double free of skb in coredump
...
dm-raid: really frozen sync_thread during suspend
...
media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
...
netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
...
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
...
nvme: avoid double free special payload
...
filelock: fix potential use-after-free in posix_lock_inode
...
media: mc: Fix graph walk in media_pipeline_start
...
clk: Get runtime PM before walking tree for clk_summary
...
crypto: qat - resolve race condition during AER recovery
...
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
...
drm/i915/vma: Fix UAF on destroy against retire race
...
x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
...
usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
...
Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
...
Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
...
QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
...
Qemu: 9pfs: improper access control on special files
...
Heap buffer overflow in virtio_crypto_sym_op_helper()
...
A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.
...
Shim: interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems
...
Shim: out-of-bound read in verify_buffer_sbat()
...
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
...
io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
...
md/dm-raid: don't call md_reap_sync_thread() directly
...
firewire: ohci: prevent leak of left-over IRQ on unbind
...
xfs: fix log recovery buffer allocation for the legacy h_size fixup
...
bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()
...
KEYS: trusted: Fix memory leak in tpm2_key_encode()
...
Denial of Service of protobuf-java parsing procedure
...
In Go before 1.15.13 and 1.16.x before 1.16.5 some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
...
Integer Overflow in Chunked Transfer-Encoding
...
rust-vmm linux-loader vulnerable to Out-of-bounds Read
...
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input this can be used as a vector for a denial-of-service attack.
...
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
...
In x/text in Go before v0.3.5 a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
...
Shim: out-of-bounds read printing error messages
...
Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file
...
Triggerable assertion due to race condition in hot-unplug
...
Mercurial configuration injectable in repo revision when installing via pip
...
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
...
Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
...
Heap buffer overflow in finfo_buffer
...
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
...
In x/text in Go 1.15.4 an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
...
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not conform to the RFC1035 format.
...
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
...
Prometheus Exporter Toolkit vulnerable to basic authentication bypass
...
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
...