21761 matches found
Global Buffer Overflow in GNU gzip
...
WebOb: Location header normalization during redirect leads to open redirect
...
Bluetooth: fix memory leak in error path of hci_alloc_dev()
...
6lowpan: fix off-by-one in multicast context address compression
...
mm/hugetlb: restore reservation on error in hugetlb folio copy paths
...
Vim: Out-of-bounds Read with Text Properties
...
net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove
...
Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction
...
Vim: Out-of-bounds Read in Text Property Count
...
net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
...
Vim: Out-of-bounds Write in Spell File Prefix Dump
...
net: mvpp2: refill RX buffers before XDP or skb use
...
ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE
...
Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings
...
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
...
USB: serial: io_ti: fix heap overflow in get_manuf_info()
...
Vim: Out-of-bounds Write in Spell File Word Count
...
ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
...
Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename
...
Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument
...
Bluetooth: bnep: reject short frames before parsing
...
xfrm: espintcp: do not reuse an in-progress partial send
...
Vim: Out-of-bounds Read with libsodium-encrypted Files
...
net: ethernet: mtk_eth_soc: Fix use-after-free in metadata dst teardown
...
net/sched: cls_fw: fix NULL dereference of "old" filters before change()
...
Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
...
netfilter: x_tables: avoid leaking percpu counter pointers
...
drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs
...
Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
...
Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type
...
batman-adv: clear current gateway during teardown
...
Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes
...
Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetime
...
RDMA/srp: bound SRP_RSP sense copy by the received length
...
Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
...
net: mvpp2: sync RX data at the hardware packet offset
...
Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
...
hv_netvsc: use kmap_local_page in netvsc_copy_to_send_buf
...
ipc/shm: serialize orphan cleanup with shm_nattch updates
...
Nokogiri: Possible Use-After-Free in XInclude Processing
...
netfilter: ebtables: fix OOB read in compat_mtw_from_user
...
netfilter: conntrack_irc: fix possible out-of-bounds read
...
Mistune: Potential DoS via quadratic-time parsing in parse_link_text
...
mptcp: allow subflow rcv wnd to shrink
...
misc: fastrpc: fix use-after-free race in fastrpc_map_create
...
ipv6: sit: reload inner IPv6 header after GSO offloads
...
sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
...
drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait()
...
net/802/mrp: fix vector attribute parsing in mrp_pdu_parse_vecattr
...
fuse: reject fuse_notify() pagecache ops on directories
...