CVE-2025-33111 IBM Controller Information Disclosure

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...

CVE-2025-33111

CVE-2025-33111 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue is a race condition where temporary files are created without atomic operations, potentially exposing sensitive information to an authenticated user. Remediation per IBM security bulletin: u...

CVE-2025-36015 IBM Controller Denial of Service

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input...

CVE-2025-36015 IBM Controller Denial of Service

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input...

CVE-2025-36015

The CVE-2025-36015 entry affects IBM Controller (11.1.0–11.1.1) and IBM Cognos Controller (11.0.0–11.0.1 FP6). The vulnerability is caused by improper validation of a specified quantity size input, enabling an authenticated user to trigger a denial of service (availability impact: HIGH) without i...

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

CVE-2025-14244

GreenCMS 2.3.0603 contains a cross-site scripting flaw in the Menu Management Page, due to improper handling of the Link parameter in /Admin/Controller/CustomController.class.php. The vulnerability can be triggered remotely, and exploits have been published. The issue affects products no longer m...

EUVD-2025-201704

A flaw has been found in GreenCMS 2.3.0603. Affected by this issue is some unknown functionality of the file /Admin/Controller/CustomController.class.php of the component Menu Management Page. This manipulation of the argument Link causes cross site scripting. The attack may be initiated remotely...

EUVD-2022-55684

In the Linux kernel, the following vulnerability has been resolved: drm/gud: Fix UBSAN warning UBSAN complains about invalid value for bool: 101.165172 drm Initialized gud 1.0.0 20200422 for 2-3.2:1.0 on minor 1 101.213360 gud 2-3.2:1.0: drm fb1: guddrmfb frame buffer device 101.213426 usbcore:...

CVE-2023-53757

In the Linux kernel, the following vulnerability has been resolved: irqchip/irq-mvebu-gicp: Fix refcount leak in mvebugicpprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...

DEBIAN-CVE-2023-53758

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

CVE-2022-50618

In the Linux kernel, the following vulnerability has been resolved: mmc: meson-gx: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehost...

UBUNTU-CVE-2023-53758

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

UBUNTU-CVE-2023-53760

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: mcq: Fix &hwq-cqlock deadlock issue When ufshcderrhandler is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcdhandlemcqcqevents and also in ufsmtkmcqintr. The following...

CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

CVE-2023-53758 spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

CVE-2023-53758 spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

CVE-2023-53758

The CVE-2023-53758 issue concerns the Linux kernel driver for the Atmel QuadSPI (spi: atmel-quadspi). The vulnerability arises when an early error path in atmel_qspi_remove() unbinds the device without properly freeing resources, leaving the SPI controller with an unbound parent and unmapped regi...

IBM Controller 安全漏洞

IBM Controller is a Web-based financial consolidation tool from International Business Machines IBM. A security vulnerability exists in IBM Controller versions 11.1.0 through 11.1.1 that originates from storing unencrypted sensitive information in environment variable files, which could lead to...

PT-2025-49488

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmel qspi remove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped...