1709 matches found
DEBIAN-CVE-2025-13193
A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability...
BELL-CVE-2025-40165
Bulletin has no description...
BELL-CVE-2025-40170
Bulletin has no description...
BELL-CVE-2025-40158
Bulletin has no description...
BELL-CVE-2025-40144
Bulletin has no description...
BELL-CVE-2025-40134
Bulletin has no description...
BELL-CVE-2025-40110
Bulletin has no description...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2021-43396)
DISPUTED In iconvdata/iso-2022-jp-3.c in the GNU C Library aka glibc 2.34, remote attackers can force iconv to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv use cases. NOTE: the vendor...
CGA-XC3R-6CQP-H9VM
Bulletin has no description...
DEBIAN-CVE-2025-40167
In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINEDATA + EXTENTS flag combination syzbot reported a BUGON in ext4escacheextent when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is that the filesystem has an...
DEBIAN-CVE-2025-40160
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change findvirq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUGON from bindvirqtoirq to propogate the error upwards. Some VIRQ...
DEBIAN-CVE-2025-40158
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6output Use RCU in ip6output in order to use dstdevrcu to prevent possible UAF. We can remove rcureadlock/rcureadunlock pairs from ip6finishoutput2...
DEBIAN-CVE-2025-40157
In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nmedac driver on some Intel Granite Rapids servers, a call trace may appear as follows: UBSAN: shift-out-of-bounds in...
DEBIAN-CVE-2025-40148
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dcstream cursor attribute functions The function dcstreamsetcursorattributes currently dereferences the stream pointer and nested members stream-ctx-dc-currentstate without checking for...
DEBIAN-CVE-2025-40149
In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...
DEBIAN-CVE-2025-40140
In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast syzbot reported WARNING in rtl8150startxmit/usbsubmiturb. This is the sequence of events that leads to the warning: rtl8150startxmit netifstopqueue;...
DEBIAN-CVE-2025-40132
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent jump to NULL addsidecar callback In createsdwdailink check that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if includesidecar is true, the codec on that...
DEBIAN-CVE-2025-40116
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthreadrun function returns error pointers so the max3421hcd-spithread pointer can be either error pointers or NULL. Check for both before dereferencing i...
DEBIAN-CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
DEBIAN-CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...