ice: Fix memory corruption in VF driver
...
filemap: Handle sibling entries in filemap_get_read_batch()
...
quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame
...
GNU Binutils prdbg.c tg_tag_type return value
...
ipvs: Defer ip_vs_ftp unregister during netns cleanup
...
crypto: essiv - Check ssize for decryption and in-place encryption
...
astral-tokio-tar Vulnerable to PAX Header Desynchronization
...
Resource exhaustion via malformed DNSKEY handling
...
Cache poisoning due to weak PRNG
...
Cache poisoning attacks with unsolicited RRs
...
md/md-bitmap: Synchronize bitmap_get_stats() with bitmap lifetime
...
HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
...
Microsoft Configuration Manager Spoofing Vulnerability
Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network...
LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
...
Possible domain hijacking via promiscuous records in the authority section
...
drm/i915/selftests: fix subtraction overflow bug
...
KVM: VMX: Prevent RSB underflow before vmenter
...
KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
...
bpf: Fix combination of jit blinding and pointers to bpf subprogs.
...
ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
...
btrfs: fix anon_dev leak in create_subvol()
...
spi: fsi: Implement a timeout for polling status
...
Azure Notification Service Elevation of Privilege Vulnerability
Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network...
Azure Compute Resource Provider Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network...
Azure Event Grid System Elevation of Privilege Vulnerability
Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
The regcomp function in the GNU C library versions 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending on how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.
...
spi: cadence-quadspi: Implement refcount to handle unbind during busy
...
media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
...
workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker
...
ath11k: Change max no of active probe SSID and BSSID to fw capability
...
media: i2c: dw9714: Disable the regulator when the driver fails to probe
...
scsi: lpfc: Inhibit aborts if external loopback plug is inserted
...
net: annotate races around sk->sk_bound_dev_if
...
net/mlx5: E-Switch, pair only capable devices
...
usb: dwc3: host: Stop setting the ACPI companion
...
mmc: core: use sysfs_emit() instead of sprintf()
...
bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
...
afs: Fix potential null pointer dereference in afs_put_server
...
drm/gma500: Fix null dereference in hdmi teardown
...
ASoC: qcom: audioreach: fix potential null pointer dereference
...
scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
...
Squid vulnerable to information disclosure via authentication credential leakage in error handling
...