AZL-66410 CVE-2025-38528 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

DEBIAN-CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

AZL-73557 CVE-2025-38528 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

UBUNTU-CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVE-2025-38528 bpf: Reject %p% format string in bprintf-like helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVE-2025-38528

CVE-2025-38528: In the Linux kernel, a BPF format-string handling flaw in bpf_bprintf_prepare could fail to reject a crafted %\x00 sequence, allowing a runtime kernel warning when a BPF program uses %p% (as shown by the example). A patch fixes this by ensuring punctuation isn’t skipped during pro...

CVE-2025-38528 bpf: Reject %p% format string in bprintf-like helpers

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

CVE-2025-38528

In the Linux kernel, the following vulnerability has been resolved: bpf: Reject %p% format string in bprintf-like helpers static const char fmt = "%p%"; bpftraceprintkfmt, sizeoffmt; The above BPF program isn't rejected and causes a kernel warning at runtime: Please remove unsupported %\x00 in...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the bpf rejection of the %p% format string, which may result in a kernel warning...

PT-2025-33571

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the BPF subsystem where the %p% format string in bprintf-like helpers is not rejected. This results in a kernel warning at runtime, specifically...

Ethereum Crypto Wallets under Address Poisoning: How Usable and Secure Are They?

Blockchain address poisoning is an emerging phishing attack that crafts "similar-looking" transfer records in the victim's transaction history, which aims to deceive victims and lure them into mistakenly transferring funds to the attacker. Recent works have shown that millions of Ethereum users...

CVE-2025-52620

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting XSS vulnerability. The image upload functionality inadequately validated the submitted image format...

CVE-2025-52620 HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting XSS vulnerability. The image upload functionality inadequately validated the submitted image format...

CVE-2025-52620

CVE-2025-52620 affects HCL BigFix SaaS Authentication Service. The vulnerability is a Cross-Site Scripting (XSS) flaw arising from inadequate validation of submitted image formats in the image upload feature. Affected component is the image upload handling; root cause is insufficient validation l...

CVE-2025-52620 HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability

HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting XSS vulnerability. The image upload functionality inadequately validated the submitted image format...

CVE-2012-10055

ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory specifically WSACleanup from Ws232.dll...

CVE-2025-5048 DGN File Parsing Memory Corruption Vulnerability

A maliciously crafted DGN file, when linked or imported into Autodesk AutoCAD, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-5047 DGN File Parsing Uninitialized Variable Vulnerability

A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can force an Uninitialized Variable vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process...

CVE-2025-5047

Autodesk AutoCAD is affected by CVE-2025-5047 due to a vulnerability in parsing DGN files, arising from an uninitialized variable in memory access. The issue can allow crash, data leakage, or arbitrary code execution in the context of the current process. Public sources note this can be exploited...

OESA-2025-2051 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...