21727 matches found
drm/amdkfd: range check cp bad op exception interrupts
...
amd/amdkfd: sync all devices to wait all processes being evicted
...
wifi: iwlwifi: read txq->read_ptr under lock
...
scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
...
net/sched: taprio: extend minimum interval restriction to entire cycle too
...
tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.
...
pcmcia: Add error handling for add_interval() in do_validate_mem()
...
i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path
...
tracing: Silence warning when chunk allocation fails in trace_pid_write
...
e1000e: fix heap overflow in e1000_set_eeprom
...
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
...
mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
...
mm/slub: avoid accessing metadata when pointer is invalid in object_err()
...
mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()
...
wifi: mwifiex: Initialize the chan_stats array to zero
...
sched: Fix sched_numa_find_nth_cpu() if mask offline
...
Out-of-bounds read & write in RFC 3211 KEK Unwrap
...
Out-of-bounds read in HTTP client no_proxy handling
...
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
...
GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
...
GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow
...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
...
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
...
An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function.
...
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.
...
Rejected reason: Duplicate of CVE-2024-5629.
...
A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.
...
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
...
Glibc: potential use-after-free in gaih_inet()
...
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability
...
Openvswitch don't match packets on nd_target field
...
Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
...
Use-after-free in Linux kernel's netfilter subsystem
...
g_variant_byteswap() can take a long time with some non-normal inputs
...
Rejected reason: Duplicate of CVE-2023-3390.
...
Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.
...
GVariant deserialisation does not match spec for non-normal data
...
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
...
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
...
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.
...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run on
...
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code
...
A null pointer dereference issue discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 through 0.12 allows attackers to cause denial of service or other unspecified impacts.
...
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
...
Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.
...
An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.
...
Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
...