
cpe:2.3:a:fedora:fedora:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Fedora (cc5047cc-3f3b-5aba-aa00-201317c93d68)
Product: Fedora (3ef4a4f4-645c-566d-b493-af2577e329fd)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-1312 vulnerable 2026-06-03 14:54:26.670647 Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu
MEDIUM (5.1)
A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.
Published: 2024-02-08T12:38:03.062Z
Updated: 2024-08-01T18:33:25.383Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-7090 not_vulnerable 2026-06-03 14:53:59.939798 Sudo: improper handling of ipa_hostname leads to privilege mismanagement
MEDIUM (6.6)
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Published: 2023-12-23T22:33:13.530Z
Updated: 2024-08-02T08:50:07.937Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6780 vulnerable 2026-06-03 14:53:58.965401 Glibc: integer overflow in __vsyslog_internal()
MEDIUM (5.3)
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
Published: 2024-01-31T14:08:02.610Z
Updated: 2026-05-12T10:41:09.437Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6779 vulnerable 2026-06-03 14:53:58.963512 Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
HIGH (8.2)
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
Published: 2024-01-31T14:07:41.967Z
Updated: 2026-05-12T10:41:08.261Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6560 vulnerable 2026-06-03 14:53:52.139314 Kernel: io_uring out of boundary memory access in __io_uaddr_map()
MEDIUM (5.5)
An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system.
Published: 2023-12-08T23:56:55.211Z
Updated: 2024-08-02T08:35:14.422Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6395 vulnerable 2026-06-03 14:53:51.645286 Mock: privilege escalation for users that can access mock configuration
MEDIUM (6.7)
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server.
Published: 2024-01-16T14:33:02.308Z
Updated: 2025-02-13T17:26:22.188Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6258 vulnerable 2026-06-03 14:53:51.317470 Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths
HIGH (8.1)
A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). If exploited successfully, this vulnerability could result in a Bleichenbacher-like security flaw, potentially enabling a side-channel attack on PKCS#1 1.5 decryption.
Published: 2024-01-30T16:55:18.733Z
Updated: 2025-06-17T21:29:17.985Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6246 vulnerable 2026-06-03 14:53:51.278826 Glibc: heap-based buffer overflow in __vsyslog_internal()
HIGH (8.4)
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
Published: 2024-01-31T14:06:21.949Z
Updated: 2026-05-12T10:41:06.882Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6238 vulnerable 2026-06-03 14:53:51.260024 Kernel: nvme: memory corruption via unprivileged user passthrough
MEDIUM (6.7)
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only a privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption.
Published: 2023-11-21T20:21:20.625Z
Updated: 2024-10-17T18:01:41.927Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6200 vulnerable 2026-06-03 14:53:51.096641 Kernel: icmpv6 router advertisement packets, aka linux tcp/ip remote code execution vulnerability
HIGH (7.5)
A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
Published: 2024-01-28T12:19:24.885Z
Updated: 2025-06-05T19:45:49.317Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6039 not_vulnerable 2026-06-03 14:53:50.211087 Kernel: use-after-free in drivers/net/usb/lan78xx.c in lan78xx_disconnect
MEDIUM (5.5)
A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.
Published: 2023-11-09T15:08:03.326Z
Updated: 2025-02-27T20:34:12.368Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5972 vulnerable 2026-06-03 14:53:50.050638 Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c
HIGH (7)
A null pointer dereference flaw was found in the nft_inner.c functionality of netfilter in the Linux kernel. This issue could allow a local user to crash the system or escalate their privileges on the system.
Published: 2023-11-23T17:21:20.589Z
Updated: 2024-08-02T08:14:25.196Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5366 vulnerable 2026-06-03 14:53:48.427442 Openvswitch doesn't match packets on nd_target field
HIGH (7.1)
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.
Published: 2023-10-06T17:43:34.376Z
Updated: 2025-02-13T17:20:09.786Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5349 vulnerable 2026-06-03 14:53:48.385973 Draw while calling getdrawinfo()
MEDIUM (5.3)
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.
Published: 2023-10-30T20:27:59.972Z
Updated: 2026-01-05T18:05:08.319Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5158 not_vulnerable 2026-06-03 14:53:47.854133 Possible dos from guest to host in vringh_kiov_advance in vhost driver at drivers/vhost/vringh.c
MEDIUM (6.5)
A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.
Published: 2023-09-25T15:55:15.724Z
Updated: 2025-02-27T20:49:05.203Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4611 not_vulnerable 2026-06-03 14:53:29.036192 Use after free race between mbind() and vma-locked page fault
HIGH (7)
A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.
Published: 2023-08-29T21:25:53.315Z
Updated: 2025-02-27T21:03:20.706Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4569 not_vulnerable 2026-06-03 14:53:28.819322 Kernel: information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c
MEDIUM (5.5)
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak.
Published: 2023-08-28T21:46:12.599Z
Updated: 2025-02-27T21:03:29.416Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4394 not_vulnerable 2026-06-03 14:53:27.917474 Memory leak in btrfs_get_dev_args_from_path()
MEDIUM (6.7)
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information.
Published: 2023-08-17T12:49:14.052Z
Updated: 2025-02-27T21:03:51.156Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4389 not_vulnerable 2026-06-03 14:53:27.909893 Kernel: btrfs: double free in btrfs_get_root_ref()
HIGH (7)
A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.
Published: 2023-08-16T18:49:10.737Z
Updated: 2024-10-15T18:32:59.062Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4256 vulnerable 2026-06-03 14:53:27.661053 Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
MEDIUM (5.5)
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.
Published: 2023-12-21T16:03:21.837Z
Updated: 2025-02-13T17:09:26.781Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4255 vulnerable 2026-06-03 14:53:27.655711 W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)
MEDIUM (5.5)
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
Published: 2023-12-21T16:08:39.691Z
Updated: 2025-02-13T17:09:26.229Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4235 vulnerable 2026-06-03 14:53:27.596679 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver_report() function
HIGH (8.1)
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().
Published: 2024-04-17T22:54:27.254Z
Updated: 2025-11-04T18:17:00.416Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4234 vulnerable 2026-06-03 14:53:27.596150 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function
HIGH (8.1)
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().
Published: 2024-04-17T22:53:32.562Z
Updated: 2025-11-04T18:16:59.241Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4233 vulnerable 2026-06-03 14:53:27.593634 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function
HIGH (8.1)
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS.
Published: 2024-04-17T22:50:49.698Z
Updated: 2025-11-04T18:16:56.833Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4232 vulnerable 2026-06-03 14:53:27.590114 Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function
HIGH (8.1)
A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report().
Published: 2024-04-17T22:49:12.892Z
Updated: 2025-11-04T18:16:54.347Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4156 vulnerable 2026-06-03 14:53:27.419768 Heap out of bound read in builtin.c
MEDIUM (4.4)
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.
Published: 2023-09-25T17:20:19.377Z
Updated: 2024-09-24T15:36:52.766Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4155 vulnerable 2026-06-03 14:53:27.415693 Sev-es / sev-snp vmgexit double fetch vulnerability
MEDIUM (5.3)
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).
Published: 2023-09-13T16:11:39.213Z
Updated: 2025-02-27T20:52:55.595Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4154 vulnerable 2026-06-03 14:53:27.413720 Samba: ad dc password exposure to privileged users and rodcs
HIGH (7.5)
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Published: 2023-11-07T19:14:28.305Z
Updated: 2024-08-02T07:17:12.144Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-4135 vulnerable 2026-06-03 14:53:27.351555 Out-of-bounds read information disclosure vulnerability
MEDIUM (6)
A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.
Published: 2023-08-04T13:19:15.760Z
Updated: 2024-08-02T07:17:11.930Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-42752 not_vulnerable 2026-06-03 14:52:54.063459 Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access
MEDIUM (5.5)
An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.
Published: 2023-10-13T01:41:49.818Z
Updated: 2024-08-02T19:30:24.025Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3966 vulnerable 2026-06-03 14:52:42.236898 Openvswitch: ovs-vswitch fails to recover after malformed geneve metadata packet
HIGH (7.5)
A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.
Published: 2024-02-22T12:15:53.128Z
Updated: 2025-02-13T17:03:14.623Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3863 not_vulnerable 2026-06-03 14:52:42.049079 Use-after-free in nfc_llcp_find_local in net/nfc/llcp_core.c
MEDIUM (6.4)
A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.
Published: 2023-07-24T14:25:02.287Z
Updated: 2025-02-13T17:02:27.134Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3748 not_vulnerable 2026-06-03 14:52:41.734582 Infinite loop in babeld message parsing may cause dos
LOW (3.5)
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.
Published: 2023-07-24T15:19:20.511Z
Updated: 2024-09-27T13:44:27.663Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3618 not_vulnerable 2026-06-03 14:52:41.326910 Segmentation fault in fax3encode in libtiff/tif_fax3.c
MEDIUM (6.5)
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
Published: 2023-07-12T14:06:04.572Z
Updated: 2025-11-03T20:35:36.763Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3618 vulnerable 2026-06-03 14:52:41.326884 Segmentation fault in fax3encode in libtiff/tif_fax3.c
MEDIUM (6.5)
A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
Published: 2023-07-12T14:06:04.572Z
Updated: 2025-11-03T20:35:36.763Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3603 not_vulnerable 2026-06-03 14:52:41.290343 Processing sftp server read may cause null dereference
LOW (3.1)
A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.
Published: 2023-07-21T19:09:44.083Z
Updated: 2024-09-26T20:04:43.251Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3430 vulnerable 2026-06-03 14:52:40.774978 Openimageio: heap-buffer-overflow in file src/gif.imageio/gifinput.cpp
HIGH (7.5)
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buffer overflow and could cause a crash, leading to a denial of service.
Published: 2023-12-18T13:40:05.145Z
Updated: 2024-08-02T06:55:03.301Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3355 vulnerable 2026-06-03 14:52:40.614417 Null pointer dereference in submit_lookup_cmds() in drivers/gpu/drm/msm/msm_gem_submit.c
MEDIUM (4.7)
A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.
Published: 2023-06-28T00:00:00.000Z
Updated: 2025-03-05T18:55:32.966Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3354 vulnerable 2026-06-03 14:52:40.612204 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
HIGH (7.5)
A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.
Published: 2023-07-11T16:16:56.294Z
Updated: 2025-02-13T16:55:08.379Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3338 vulnerable 2026-06-03 14:52:40.509252 Crash due to a null pointer dereference in the dn_nsp_send function
MEDIUM (6.5)
A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.
Published: 2023-06-30T00:00:00.000Z
Updated: 2025-03-05T18:55:11.038Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3301 vulnerable 2026-06-03 14:52:40.383345 Triggerable assertion due to race condition in hot-unplug
MEDIUM (5.6)
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.
Published: 2023-09-13T16:09:36.861Z
Updated: 2025-02-13T16:55:04.152Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3269 vulnerable 2026-06-03 14:52:40.334522 Distros-[dirtyvma] privilege escalation via non-rcu-protected vma traversal
HIGH (7.8)
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
Published: 2023-07-11T11:45:36.711Z
Updated: 2025-03-05T18:54:16.670Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3180 vulnerable 2026-06-03 14:52:40.132131 Heap buffer overflow in virtio_crypto_sym_op_helper()
MEDIUM (6)
A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.
Published: 2023-08-03T14:31:36.083Z
Updated: 2024-09-25T19:56:37.371Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3164 vulnerable 2026-06-03 14:52:40.103065 Heap-buffer-overflow in extractimagesection()
MEDIUM (5.5)
A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.
Published: 2023-11-02T11:26:28.533Z
Updated: 2024-10-11T17:04:00.410Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-3153 vulnerable 2026-06-03 14:52:40.060500 Service monitor mac flow is not rate limited
MEDIUM (5.3)
A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured.
Published: 2023-10-04T11:13:40.083Z
Updated: 2024-09-19T14:25:08.613Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38473 vulnerable 2026-06-03 14:52:31.243480 Reachable assertion in avahi_alternative_host_name
MEDIUM (6.2)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
Published: 2023-11-02T15:00:19.576Z
Updated: 2025-11-03T21:49:11.746Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38472 vulnerable 2026-06-03 14:52:31.242973 Reachable assertion in avahi_rdata_parse
MEDIUM (6.2)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
Published: 2023-11-02T14:59:24.996Z
Updated: 2025-11-03T21:49:10.298Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38471 vulnerable 2026-06-03 14:52:31.242476 Reachable assertion in dbus_set_host_name
MEDIUM (6.2)
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
Published: 2023-11-02T14:58:22.628Z
Updated: 2025-11-03T21:49:08.851Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38470 vulnerable 2026-06-03 14:52:31.241937 Reachable assertion in avahi_escape_label
MEDIUM (6.2)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
Published: 2023-11-02T14:57:28.872Z
Updated: 2025-11-03T21:49:07.373Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38469 vulnerable 2026-06-03 14:52:31.239213 Reachable assertion in avahi_dns_packet_append_record
MEDIUM (6.2)
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
Published: 2023-11-02T14:49:26.283Z
Updated: 2025-11-03T21:49:05.912Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-38253 vulnerable 2026-06-03 14:52:30.758446 W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
MEDIUM (4.7)
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Published: 2023-07-14T17:07:01.468Z
Updated: 2025-02-13T17:01:49.231Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-34432 vulnerable 2026-06-03 14:52:16.795096 Heap-buffer-overflow in src/formats_i.c
HIGH (7.8)
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
Published: 2023-07-10T20:05:39.681Z
Updated: 2024-10-01T16:24:35.073Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-34318 vulnerable 2026-06-03 14:52:16.231812 Heap-buffer-overflow in src/hcom.c
HIGH (7.8)
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Published: 2023-07-10T17:16:59.692Z
Updated: 2024-10-01T16:13:25.791Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32665 vulnerable 2026-06-03 14:51:59.516578 Gvariant deserialisation does not match spec for non-normal data
MEDIUM (5.5)
A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
Published: 2023-09-14T19:03:58.229Z
Updated: 2025-02-13T16:54:55.463Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32627 vulnerable 2026-06-03 14:51:59.420440 Floating point exception in src/voc.c
MEDIUM (6.2)
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
Published: 2023-07-10T17:15:42.063Z
Updated: 2025-02-13T16:54:52.041Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32258 not_vulnerable 2026-06-03 14:51:57.952282 Session race condition remote code execution vulnerability
HIGH (8.1)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Published: 2023-07-24T15:19:26.475Z
Updated: 2025-03-05T18:47:42.142Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32257 not_vulnerable 2026-06-03 14:51:57.949592 Session race condition remote code execution vulnerability
HIGH (8.1)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Published: 2023-07-24T15:19:26.923Z
Updated: 2025-07-29T13:38:44.217Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32254 not_vulnerable 2026-06-03 14:51:57.946515 Tree connection race condition remote code execution vulnerability
CRITICAL (9.8)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Published: 2023-07-10T15:11:25.707Z
Updated: 2025-02-13T16:50:28.958Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32252 not_vulnerable 2026-06-03 14:51:57.941261 Session null pointer dereference denial-of-service vulnerability
HIGH (7.5)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Published: 2023-07-24T15:19:26.515Z
Updated: 2024-08-02T15:10:24.250Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32250 not_vulnerable 2026-06-03 14:51:57.936332 Session race condition remote code execution vulnerability
CRITICAL (9)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Published: 2023-07-10T15:09:37.474Z
Updated: 2025-02-13T16:50:28.282Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32248 not_vulnerable 2026-06-03 14:51:57.935270 Tree connection null pointer dereference denial-of-service vulnerability
HIGH (7.5)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Published: 2023-07-24T15:19:27.342Z
Updated: 2024-08-02T15:10:24.244Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-32247 not_vulnerable 2026-06-03 14:51:57.931183 Session setup memory exhaustion denial-of-service vulnerability
HIGH (7.5)
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Published: 2023-07-24T15:19:23.840Z
Updated: 2024-08-02T15:10:23.979Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2908 vulnerable 2026-06-03 14:51:44.649609 Libtiff: null pointer dereference in tif_dir.c
MEDIUM (5.5)
A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.
Published: 2023-06-30T00:00:00.000Z
Updated: 2025-11-03T20:35:30.709Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2860 not_vulnerable 2026-06-03 14:51:44.531804 Out-of-bounds read when setting hmac data
MEDIUM (4.4)
An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel.
Published: 2023-07-24T15:19:18.473Z
Updated: 2025-03-05T18:47:56.873Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-2680 not_vulnerable 2026-06-03 14:51:43.684431 DMA reentrancy issue (incomplete fix for CVE-2021-3750)
HIGH (7.5)
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.
Published: 2023-09-13T16:50:53.532Z
Updated: 2025-02-13T16:44:57.370Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-26590 vulnerable 2026-06-03 14:51:00.170970 Floating point exception in src/aiff.c
MEDIUM (6.2)
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Published: 2023-07-10T17:14:14.297Z
Updated: 2024-10-01T15:55:31.776Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25588 not_vulnerable 2026-06-03 14:49:32.981637 Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
MEDIUM (4.7)
A flaw was found in Binutils. The field `the_bfd` of the `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.
Published: 2023-09-14T20:47:16.974Z
Updated: 2025-02-13T16:44:33.622Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25586 not_vulnerable 2026-06-03 14:49:32.980844 Local variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitialized
MEDIUM (4.7)
A flaw was found in Binutils. A logic failure in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.
Published: 2023-09-14T20:49:15.468Z
Updated: 2025-02-13T16:44:33.064Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25585 not_vulnerable 2026-06-03 14:49:32.978356 Field `file_table` of `struct module *module` is uninitialized
MEDIUM (4.7)
A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.
Published: 2023-09-14T20:50:09.526Z
Updated: 2025-02-13T16:44:32.455Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25584 not_vulnerable 2026-06-03 14:49:32.975748 Out of bounds read in parse_module function in bfd/vms-alpha.c
MEDIUM (6.3)
An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.
Published: 2023-09-14T20:50:58.267Z
Updated: 2025-02-13T16:44:31.939Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1672 vulnerable 2026-06-03 14:48:56.059067 Race condition exists in the key generation and rotation functionality
MEDIUM (5.3)
A race condition exists in the Tang server functionality for key generation and key rotation. This flaw results in a small time window where Tang private keys become readable by other processes on the same host.
Published: 2023-07-11T11:47:35.363Z
Updated: 2025-02-13T16:39:29.669Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1386 vulnerable 2026-06-03 14:48:55.382185 QEMU: 9pfs: suid/sgid bits not dropped on file write
LOW (3.3)
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.
Published: 2023-07-24T15:19:25.843Z
Updated: 2024-09-25T19:57:50.614Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1194 vulnerable 2026-06-03 14:48:53.972942 Use-after-free in parse_lease_state()
HIGH (7.1)
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
Published: 2023-11-03T07:41:35.083Z
Updated: 2025-02-13T16:39:17.173Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1193 vulnerable 2026-06-03 14:48:53.967753 Use-after-free in setup_async_work()
MEDIUM (6.5)
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.
Published: 2023-11-01T19:10:14.210Z
Updated: 2025-02-27T20:36:18.738Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1192 vulnerable 2026-06-03 14:48:53.967147 Use-after-free in smb2_is_status_io_timeout()
MEDIUM (6.5)
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, local variables still point to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service.
Published: 2023-11-01T19:01:47.336Z
Updated: 2025-02-27T20:36:33.776Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-1183 vulnerable 2026-06-03 14:48:53.949267 Arbitrary file write
MEDIUM (5)
A flaw was found in the LibreOffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Published: 2023-07-10T15:04:30.740Z
Updated: 2025-02-13T16:39:16.576Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0160 vulnerable 2026-06-03 14:48:45.732884 Possibility of deadlock in libbpf function sock_hash_delete_elem
MEDIUM (4.7)
A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.
Published: 2023-07-18T16:08:23.653Z
Updated: 2024-09-26T19:33:49.046Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4900 vulnerable 2026-06-03 14:48:43.343331 Potential buffer overflow in php_cli_server_startup_workers
MEDIUM (6.2)
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
Published: 2023-11-02T15:01:28.590Z
Updated: 2025-11-03T21:46:48.606Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4132 not_vulnerable 2026-06-03 14:48:35.161885 Memory leak on tls connections
MEDIUM (5.9)
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
Published: 2023-10-04T11:26:11.191Z
Updated: 2024-09-19T14:41:40.138Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-4132 vulnerable 2026-06-03 14:48:35.161838 Memory leak on tls connections
MEDIUM (5.9)
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).
Published: 2023-10-04T11:26:11.191Z
Updated: 2024-09-19T14:41:40.138Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-4435 not_vulnerable 2026-06-03 14:45:48.726972 Yarn: untrusted search path
HIGH (7.7)
An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
Published: 2024-02-04T19:16:35.651Z
Updated: 2025-06-17T14:29:17.224Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-3872 not_vulnerable 2026-06-03 14:30:34.011818 Httpd: mod_fcgid: stack-based buffer overflow in fcgid_header_bucket_read() in modules/fcgid/fcgid_bucket.c
HIGH (7.5)
A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.
Published: 2010-11-20T20:00:00.000Z
Updated: 2024-08-07T03:26:12.242Z
Reference links
Imported from gcve-enriched-dumps CVE data
