CVE-2025-5479

CVE-2025-5479 affects Sony XAV-AX8500. A heap-based buffer overflow in the Bluetooth AVCTP protocol allows remote code execution when an attacker can pair a malicious Bluetooth device with the target, exploiting improper validation of user-supplied data. The issue arises in the Bluetooth AVCTP im...

Important: libblockdev security update

libblockdev is a C library supporting GObject introspection for manipulation of block devices. It has a plugin-based architecture where each technology like LVM, Btrfs, MD RAID, Swap,... is implemented in a separate plugin, possibly with multiple implementations e.g. using LVM CLI or the new LVM...

CVE-2025-6266

creationtimestamp| type| source ---|---|--- 2025-06-19 14:03:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrxouze5yh2m...

CVE-2022-50011

In the Linux kernel, the following vulnerability has been resolved: venus: pmhelpers: Fix warning in OPP during probe Fix the following WARN triggered during Venus driver probe on 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at drivers/opp/core.c:2471 devpmoppsetconfig+0x49c/0x610 Modules...

CVE-2022-50008

In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarmkprobe for disabled kprobes The assumption in disablekprobe is wrong, and it could try to disarm an already disarmed kprobe and fire the WARNONCE below. 0 We can easily reproduce this issue. 1. Write 0 t...

CVE-2022-50036 drm/sun4i: dsi: Prevent underflow when computing packet sizes

In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: dsi: Prevent underflow when computing packet sizes Currently, the packet overhead is subtracted using unsigned arithmetic. With a short sync pulse, this could underflow and wrap around to near the maximal u16 value. Fi...

CVE-2022-49962

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference in remove if xHC has only one roothub The remove path in xhci platform driver tries to remove and put both main and shared hcds even if only a main hcd exists one roothub This causes a null...

CVE-2022-49936

In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking detected 5.18.0 3 Not...

CVE-2025-38061

In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgenthreadwrite Honour the user given buffer size for the strnlen calls otherwise strnlen will access memory outside of the user given buffer...

CVE-2025-38023

In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfsgetlockcontext in unlock path When memory is insufficient, the allocation of nfslockcontext in nfsgetlockcontext fails and returns -ENOMEM. If we mistakenly treat an nfs4unlockdata structure whose lctx...

Moderate: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

CVE-2025-6165 TOTOLINK X15 HTTP POST Request formTmultiAP buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack c...

Moderate: Red Hat Security Advisory: gvisor-tap-vsock security update

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVE-2025-32798

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process...

Moderate: Red Hat Security Advisory: buildah security update

An update for buildah is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Moderate: Red Hat Security Advisory: git-lfs security update

An update for git-lfs is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

CVE-2025-4922

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

CVE-2025-4798

CVE-2025-4798 affects the WP-DownloadManager WordPress plugin, with versions up to and including 1.68.10 vulnerable to an arbitrary file read. The issue arises from lack of directory restrictions when an administrator stores downloads, enabling authenticated attackers with Administrator-level acc...

CVE-2025-46874 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...