68528 matches found
CVE-2025-59149
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attributetype which is long with transforms can lead to a stack buffer overflow during Suricata startup or duri...
CVE-2025-46205
A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service DoS by supplying a crafted PDF file. NOTE: this is disputed by the Supplier because there is no available file to reproduce the issue...
CVE-2025-11233
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x8664-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...
CVE-2025-59681
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...
CVE-2025-59682
An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...
CVE-2022-50455
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53490
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite commit 0ad529d9fd2b "mptcp: fix possible divide by zero in recvmsg", the mptcp protocol is still prone to a race between disconnect or shutdown and accept. The root cause is that the...
CVE-2023-53448
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded releasememregion Remove unnecessary releasememregion from the error path to prevent mem region from being released twice, which could avoid resource leak or other unexpected issues...
CVE-2022-50442
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...
CVE-2022-50450
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50430
In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works with mutex and need TASKRUNNING here. Ensure that we mark current as TASKRUNNING for sleepable context. 77.554641 do not call blockin...
CVE-2023-53464
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...
CVE-2023-53475
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: tegra: fix sleep in atomic call When we set the dual-role port to Host mode, we observed the following splat: 167.057718 BUG: sleeping function called from invalid context at include/linux/sched/mm.h:229 167.057872...
CVE-2022-50421
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destroy of default endpoint The rpmsgdevremove in rpmsgcore is the place for releasing this default endpoint. So need to avoid destroying the default endpoint in rpmsgchrdeveptdevdestroy, this should be...
CVE-2023-53510
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp-cmd ufshcdqueuecommand may be called two times in a row for a SCSI command before it is completed. Hence make the following changes: - In the functions that submit a command, do not check the...
CVE-2022-50429
In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in oflpddr3getddrtimings We should add the ofnodeput when breaking out of foreachchildofnode as it will automatically increase and decrease the refcount...
CVE-2023-53449
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix potential memleak in dasdeckdinit dasdreservereq is allocated before dasdvolinforeq, and it also needs to be freed before the error returns, just like the other cases in this function...
CVE-2023-53455
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: drop all currently held locks if deadlock happens If vc4hdmiresetlink returns -EDEADLK, it means that a deadlock happened in the locking context. This situation should be addressed by dropping all currently held locks an...
CVE-2023-53453
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 size 512: comm "systemd-udevd", pid 326, jiffies 4294682822 age 716.338s hex dump first 3...
CVE-2023-53469
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53473
In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4dirhash The ext4dirhash will almost never fail, especially when the hash tree feature was first introduced. However, with the addition of support of encrypted, casefolded file names, that...
CVE-2023-53516
In the Linux kernel, the following vulnerability has been resolved: macvlan: add forgotten nlapolicy for IFLAMACVLANBCCUTOFF The previous commit 954d1fa1ac93 "macvlan: Add netlink attribute for broadcast cutoff" added one additional attribute named IFLAMACVLANBCCUTOFF to allow broadcast cutfoff...
CVE-2023-53531
In the Linux kernel, the following vulnerability has been resolved: nullblk: fix poll request timeout handling When doing iouring benchmark on /dev/nullb0, it's easy to crash the kernel if poll requests timeout triggered, as reported by David. 1 BUG: kernel NULL pointer dereference, address:...
CVE-2023-53456
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxxsetchapentry - qla4xxxifacesetparam - qla4xxxsysfsddbsetparam and each of them directly converts the nlattr to...
CVE-2023-53496
In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Use alternate source for socket to node data The UV code attempts to build a set of tables to allow it to do bidirectional socketnode lookups. But when nrcpus is set to a smaller number than actually present, the...
CVE-2022-50428
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several ve...
CVE-2022-50434
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 size 512: comm "insmod", pid 308021, jiffies 4324277909 age 509.733s hex dump...
CVE-2022-50435
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4STATEMAYINLINEDATA flag. Thus when inode gets truncated later to say 1 byte and...
CVE-2022-50436
In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 "ext4: fixup ext4fctrack functions' signature" extended the scope of the transaction in ext4unlink too far, making it include the call to ext4findentry...
CVE-2023-53468
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in allocwbufs kmemleak reported a sequence of memory leaks, and show them as following: unreferenced object 0xffff8881575f8400 size 1024: comm "mount", pid 19625, jiffies 4297119604 age 20.383s hex dump fir...
CVE-2023-53508
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to start device if queue setup is interrupted In ublkctrlstartdev, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDSTARTDEV, otherwise kernel...
CVE-2022-50458
In the Linux kernel, the following vulnerability has been resolved: clk: tegra: Fix refcount leak in tegra210clockinit offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...
CVE-2022-50422
In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However, if the timer handler sastaskinternaltimedout is running, the deltim...
CVE-2022-50427
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in sndac97devregister, it should call putdevice to give up reference, or the name allocated in devsetname is leaked...
CVE-2022-50441
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work Commit 0d4e8ed139d8 "net/mlx5: Lag, avoid lockdep warnings" accidentally removed a call to cancel delayed bond work thus it may cause queued delay to expire and fall on an...
CVE-2022-50432
In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in kernfsremove Syzkaller managed to trigger concurrent calls to kernfsremovebynamens for the same file resulting in a KASAN detected use-after-free. The race occurs when the root node is freed during...
CVE-2022-50452
In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cakeinit fails When the default qdisc is cake, if the qdisc of devqueue fails to be inited during mqprioinit, cakereset is invoked to clear resources. In this case, the tins is...
CVE-2022-50457
In the Linux kernel, the following vulnerability has been resolved: mtd: core: Fix refcount error in delmtddevice delmtddevice will call ofnodeput to mtdgetofnodemtd, which is mtd-dev.ofnode. However, memset&mtd-dev, 0 is called before ofnodeput. As the result, ofnodeput won't do anything in...
CVE-2022-50454
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in nouveaugemprimeimportsgtable nouveauboinit is backed by ttmboinit and ferries its return code back to the caller. On failures, ttm will call nouveaubodelttm and free the memory.Thus, when...
CVE-2023-53450
In the Linux kernel, the following vulnerability has been resolved: ext4: remove a BUGON in ext4mbreleasegrouppa If a malicious fuzzer overwrites the ext4 superblock while it is mounted such that the sfirstdatablock is set to a very large number, the calculation of the block group can underflow,...
CVE-2023-53467
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential leak in rtw89appendprobereqie Do kfreeskbnew before goto out to prevent potential leak...
CVE-2023-53492
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not ignore genmask when looking up chain by id When adding a rule to a chain referring to its ID, if that chain had been deleted on the same batch, the rule might end up referring to a deleted chain. This...
CVE-2023-53488
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the update counters work might be pending, and may run after memory has been freed. Cancel the update counters work before freeing memory...
CVE-2023-53529
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix memory leak in rtw88usb Kmemleak shows the following leak arising from routine in the usb probe routine: unreferenced object 0xffff895cb29bba00 size 512: comm "udev-worker", pid 534, jiffies 4294903932 age...
CVE-2023-53513
In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg without verification. The UBSAN warning calltrace like below: UBSAN: Undefined behaviour in fs/buffer.c:1709:35 signed integer...
CVE-2023-53511
In the Linux kernel, the following vulnerability has been resolved: iouring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using iouring doing link-cp on ocfs2. 1 Do the following steps can reproduce this BUG: mount -t ocfs2 /dev/vdc /mnt/ocfs2 cp testfile...
CVE-2023-53514
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by devsetname need be freed before module unloading, but they can not be freed because the kobject's refcount which was set in deviceinitialize has not be...
CVE-2023-53515
In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vmdev vmdev has a separate lifecycle because it has a 'struct device' embedded. Thus, having a release callback for it is correct. Allocating the vmdev struct with devres totally breaks this...
CVE-2023-53530
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: controller connect complete localhost kernel: BUG: using smpprocessorid in preemptible...
CVE-2023-53532
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix deinitialization of firmware resources Currently, in ath11kahbfwresourcesinit, iommu domain mapping is done only for the chipsets having fixed firmware memory. Also, for such chipsets, mapping is done only if it...