9999 matches found
CVE-2024-36004
CVE-2024-36004 is a Linux kernel issue where the i40e driver's workqueue was created with the WQ_MEM_RECLAIM flag, triggering a check_flush_dependency warning when i40e and i40iw are loaded. The fix removes the flag on i40e’s workqueue, mirroring a similar fix in ice, and is documented in several...
CVE-2024-35900
CVE-2024-35900 affects the Linux kernel nf_tables (netfilter). The issue arises when the dormant table flag is toggled; during commit, hooks are iterated across both existing and new chains, which can lead to an inconsistent state. This may trigger a warning when unregistering a chain that is alr...
CVE-2024-27398
CVE-2024-27398 – Linux kernel Bluetooth SCO use-after-free . The vulnerability stems from a use-after-free in sco_sock_timeout: after a SCO connection is established, releasing the SCO socket may schedule timeout_work, but the socket can be freed yet still dereferenced by sco_sock_timeout, leadin...
CVE-2024-27401
CVE-2024-27401 affects the Linux kernel’s firewire nosy code path. The vulnerability arises because packet_buffer_get could read beyond the user-supplied length if the head packet length exceeded user_length, potentially allowing a user-space overflow. The fix ensures the function returns 0 when ...
CVE-2024-26870
CVE-2024-26870 describes a Linux kernel vulnerability in NFSv4.2 where listxattr could trigger a kernel BUG in mm/usercopy.c when size handling is incorrect. The connected Astra Linux entry mirrors the issue and provides a concrete fix: modify nfs4_listxattr() so that if size > 0 and the funct...
CVE-2024-27399
CVE-2024-27399 affects the Linux kernel Bluetooth stack (l2cap). It is caused by a race between l2cap_chan_timeout() and l2cap_chan_del(), where deleting a channel can set chan->conn to NULL but a dereference may occur in mutex_lock() inside l2cap_chan_timeout(), leading to a NULL pointer dere...
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2024-1551
The CVE-2024-1551 issue is a header-injection vulnerability in Set-Cookie handling within multipart HTTP responses. The root cause is that an attacker able to control the Content-Type header and part of the response body could inject Set-Cookie headers that the browser would honor. Affected produ...
CVE-2023-52482
CVE-2023-52482 is a Linux kernel issue where x86 SRSO mitigation was added to address speculative return stack overflow on Hygon processors. The connected Nessus entry for MiracleLinux 9 references kernel commits that implement x86 srso mitigation for Hygon and notes this CVE’s resolution, aligni...
CVE-2021-39275
CVE-2021-39275 affects Apache HTTP Server (httpd) up to 2.4.48 and earlier. The issue is an out-of-bounds write in ap_escape_quotes() when given malicious input, potentially crashing the server or enabling code execution in some environments. Several connected sources concur this vulnerability ex...
CVE-2024-33599
CVE-2024-33599 affects the GNU C Library (glibc) with a stack-based overflow in the netgroup cache used by nscd when the fixed-size cache is overwhelmed by client requests. The flaw was introduced in glibc 2.15 and is present only in the nscd binary; exploitation can impact confidentiality, integ...
CVE-2024-1546
Mozilla Firefox and Thunderbird are affected by CVE-2024-1546 (out-of-bounds memory read due to potential buffer length confusion when storing/re-accessing data over a network channel). Affected products and versions per provided documents: Firefox <= 122? (reported as Firefox < 123) and Fi...
CVE-2024-1548
CVE-2024-1548 describes a spoofing risk where a fullscreen notification could be obscured by a dropdown select input, potentially confusing users. Affected: Firefox <123, Firefox ESR <115.8, Thunderbird
CVE-2024-26817
CVE-2024-26817 affects the Linux kernel amdkfd component. The vulnerability arises from using kzalloc with a multiplication that can overflow; the fix replaces kzalloc with calloc to avoid integer overflow. Descriptions in connected Nessus advisories (Unity Linux UTSA advisories) reiterate the sa...
CVE-2001-0554
CVE-2001-0554 affects netkit-telnetd (Telnet daemon) on BSD-based systems, via a buffer overflow in in.telnetd/telrcv handling (triggered by certain Telnet options such as AYT). OpenVAS entries describe a remote attacker potentially causing denial of service or gaining remote code execution; at l...
CVE-2024-1549
Summary (CVE-2024-1549) : The issue is a UI overlap flaw where a website setting a large custom cursor could cause parts of the cursor to overlap the permission dialog, risking user confusion and accidental permission grants. Affected products include Mozilla Firefox (up to version < 123) and ...
CVE-2024-33600
CVE-2024-33600 is an in-nscd (Name Service Cache Daemon) null pointer dereference caused by a failure to cache a not-found netgroup response. It affects the nscd binary and was introduced with glibc’s cache feature (glbic 2.15+). Exploitation depends on remote input, but the provided sources do n...
CVE-2023-52644
CVE-2023-52644 relates to a Linux kernel WiFi component (b43) where the QoS-disabled path could map the IEEE 802.11 queue incorrectly due to a single-queue scenario. The root cause is that when QoS is off, the code may attempt to stop/wake a non-existent queue or fail to stop/wake the actual queu...
CVE-2024-26861
CVE-2024-26861 affects the Linux kernel wireguard receive path, where a data race around keypair->receiving_counter.counter was identified (READ_ONCE/WRITE_ONCE annotations used to mark the race as intentional). The race occurs between wg_packet_decrypt_worker and wg_packet_rx_poll, potentiall...
CVE-2024-26809
CVE-2024-26809 is a Linux kernel vulnerability in netfilter nft_set_pipapo logic. The issue arises when destroying set elements: clone path may destroy elements twice because it did not always use a current view of the lookup table. The root cause is that destruction could proceed without the lat...
CVE-2024-26816
CVE-2024-26816 affects the Linux kernel on x86 where, when CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section. Relocations in .notes were previously possible and could leak the KASLR base via /sys/kernel/notes. The fixes instruct the kernel to skip performing relocations in the .n...
CVE-2023-5388
CVE-2023-5388 concerns an NSS timing attack during RSA decryption that could leak private data. Connected entries confirm affected software: Mozilla Firefox (including ESR) and Thunderbird, with vulnerable builds prior to Firefox 124 and Thunderbird 115.9.x. Root cause is a timing side-channel in...
CVE-2024-26957
CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...
CVE-2023-52583
The CVE-2023-52583 entry describes a Linux kernel issue in the ceph component where dget() usage could lead to a deadlock due to incorrect lock ordering between dentry and its parent. The dead code path was never used because the parent directory is always supplied by callers, so the fix removes ...
CVE-2017-7668
CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...
CVE-2024-27008
CVE-2024-27008 is confirmed in the connected MiracleLinux advisories as a Linux kernel vulnerability affecting the drm nv04 driver. Description: when Output Resource (dcb->or) is assigned in fabricate_dcb_output(), there can be an out-of-bounds access to the dac_users array if dcb->or is ze...
CVE-2024-26614
CVE-2024-26614 : Linux kernel vulnerability where the accept_queue spinlocks were not initialized correctly, enabling a local attacker to trigger a denial of service. The issue surfaces in tcp handling and was observed in syz reproductions showing pvqspinlock corruption during queue operations. C...
CVE-2024-25082
FontForge (through 20230101) is affected by CVE-2024-25081 and CVE-2024-25082, allowing shell command injection via specially crafted filenames or archives/compressed files. Public advisories from Debian (DSA-5641-1), AlmaLinux (ALSA-2024-2495 / ALSA-2024-565), and Amazon Linux (ALAS2024-2495 / A...
CVE-2020-1927
CVE-2020-1927 affects Apache HTTP Server 2.4.0–2.4.41, where mod_rewrite redirects intended to be self-referential could be fooled by encoded newlines and redirect to an unexpected URL within the request. Multiple connected advisories confirm the issue and indicate that fixes were released in Apa...
CVE-2023-52492
CVE-2023-52492 refers to a Linux kernel vulnerability in the DMA engine where __dma_async_device_channel_unregister() could dereference a NULL chan->local if __dma_async_device_channel_register() failed and channels were unregistered. The fixed behavior adds a guard at the beginning of __dma_a...
CVE-2018-20685
CVE-2018-20685 affects OpenSSH scp client: scp.c allows remote servers to bypass access restrictions via the filename "." or an empty filename, potentially enabling modification of the client-directory permissions. Multiple advisories confirm this vulnerability and fix paths: Arch Linux ASA-20190...
CVE-2019-9513
CVE-2019-9513 (and related HTTP/2 CVEs) affect nginx and nghttp2. The issues enable denial of service via HTTP/2 resource loops and priority/window manipulation, causing high CPU/memory usage. nginx 1.16.x and nghttp2 are specifically named in advisories; remediation is upgrading to fixed package...
CVE-2018-15473
OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...
CVE-2024-26859
CVE-2024-26859: In the Linux kernel, a race in the bnX2x driver during EEH error handling could cause a read of freed memory when bnx2x_io_slot_reset() and bnx2x_nic_unload() race. The fix ensures page pool allocations are verified before freeing SGEs to prevent NULL-pointer dereferences and cras...
CVE-2024-26973
CVE-2024-26973 concerns the Linux kernel fat subsystem. The issue occurred when fat_encode_fh_nostale() encoded a file handle without a parent and stored only the first 10 bytes; since the file handle length must be a multiple of 4, the actual length is 12 bytes and the last two bytes could be un...
CVE-2024-26999
CVE-2024-26999 — Linux kernel (serial/pmac_zilog) A vulnerability in the Linux kernel’s pmac_zilog serial driver was mitigated by a patch that was later removed. The mitigation intended to stop IRQs entirely caused a crash when pmac_zilog is used as a serial console. Specifically, a pr_err() path...
CVE-2024-26862
CVE-2024-26862 — Linux kernel data race (kernel 5.x/6.x) Root cause: missing READ_ONCE()/WRITE_ONCE() annotations for ignore_outgoing reads in packet code; read/write races observed between dev_queue_xmit_nit() and packet_setsockopt(). Syzkaller/KCSAN reported a data-race affecting packet_setsock...
CVE-2024-26931
CVE-2024-26931 affects the Linux kernel driver for SCSI over Fibre Channel (scsi: qla2xxx). The issue arises when memory pressure prevents a command flush during cable pull recovery, causing the upper SCSI layer to modify scsi_cmnd improperly. When memory is freed and a subsequent cable pull trig...
CVE-2024-4367
CVE-2024-4367 concerns a missing type check when handling fonts in PDF.js, allowing arbitrary JavaScript execution within the PDF.js context. Affected products listed in connected docs include Firefox before 126, Firefox ESR before 115.11, and Thunderbird before 115.11. The root cause is limited ...
CVE-2024-26872
The CVE-2024-26872 vulnerability affects the Linux kernel RDMA/srpt subsystem. A race condition allows a use-after-free situation in srpt_refresh_port() when an event handler is registered before the srpt device is fully initialized. The issue can impact confidentiality, integrity, and availabili...
CVE-2024-26874
CVE-2024-26874 is a Linux kernel vulnerability in the drm/mediatek driver where a race allows a NULL pointer dereference in mtk_drm_crtc_finish_page_flip if mtk_crtc->event is NULL. The root cause is that pending_needs_vblank is derived from mtk_crtc->event and a race occurs between atomic_...
CVE-2024-31309
CVE-2024-31309 affects Apache Traffic Server (ATS) HTTP/2 CONTINUATION handling. A DoS can occur due to CONTINUATION frame floods, impacting ATS 8.0.0–8.1.9 and 9.0.0–9.2.3. Upstream fixes are in 8.1.10 and 9.2.4. Practical mitigation includes setting proxy.config.http2.max_continuation_frames_pe...
CVE-2020-1934
CVE-2020-1934 affects Apache HTTP Server 2.4.0–2.4.41 via mod_proxy_ftp, which may use uninitialized memory when proxying to a malicious FTP backend. Public advisories confirm the fixes in Apache HTTP Server 2.4.43+ (e.g., ALAS-2020-1370/ALAS2-2020-1427), so upgrading to 2.4.43 or newer is the re...
CVE-2024-26625
The CVE-2024-26625 entry concerns a Linux kernel issue in the LLC path where a stale sk->sk_wq pointer could remain after releasing an LLC socket. The trace indicates a use-after-free path triggered by sock_wfree and related sk_buff paths. The fix involves a commit that clears sock->sk afte...
CVE-2017-7494
CVE-2017-7494 affects Samba 3.5.0 and later, with vulnerable ranges ending before 4.6.4, and also before 4.5.10 and 4.4.14 in some branches. The flaw enables a malicious client with write access to a writable Samba share to upload a shared library and trigger the server to load and execute it, ac...
CVE-2023-44487
CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...
CVE-2019-9517
CVE-2019-9517 describes an attack against some HTTP/2 implementations where unconstrained internal data buffering can cause a denial of service. The vulnerability arises when an attacker floods a connection with a large number of requests for a large response object while manipulating HTTP/2 flow...
CVE-2023-51385
OpenSSH CVE-2023-51385: OS command injection can occur when a username or hostname containing shell metacharacters is used in expansion tokens, e.g., in untrusted repositories. Affected: OpenSSH up to version
CVE-2018-16843
CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...
CVE-2018-16844
CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...