Qualcomm Chipsets 资源管理错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets, which stems from the possibility of memory corruption due to concurrent multi-threaded map/unmap buffers when processing IOCTL commands...

PT-2025-32032 · WordPress · Esri-Map-View

Name of the Vulnerable Software and Affected Versions: esri-map-view plugin for WordPress versions through 1.2.3 Description: The esri-map-view plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s esri-map-view shortcode. Insufficient input sanitization and outp...

WordPress esri-map-view plugin <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via esri-map-view Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via esri-map-view Shortcode vulnerability discovered by Gilang in WordPress Plugin esri-map-view versions = 1.2.3...

xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability

A flaw was found in the X.org server. Due to improperly tracked allocation size in XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org serv...

WordPress Google Map Targeting Plugin <= 1.1.6 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by LVT-tholv2k in WordPress Plugin GMap Targeting versions = 1.1.6...

SUSE CVE-2025-38486

In the Linux kernel, the following vulnerability has been resolved: soundwire: Revert "soundwire: qcom: Add setchannelmap api support" This reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch broke Dragonboard 845c sdm845. I see: Unexpected kernel BRK exception at EL1 Internal...

CVE-2025-38486 soundwire: Revert "soundwire: qcom: Add set_channel_map api support"

In the Linux kernel, the following vulnerability has been resolved: soundwire: Revert "soundwire: qcom: Add setchannelmap api support" This reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch broke Dragonboard 845c sdm845. I see: Unexpected kernel BRK exception at EL1 Internal...

CVE-2025-38486

In the Linux kernel, the following vulnerability has been resolved: soundwire: Revert "soundwire: qcom: Add setchannelmap api support" This reverts commit 7796c97df6b1b2206681a07f3c80f6023a6593d5. This patch broke Dragonboard 845c sdm845. I see: Unexpected kernel BRK exception at EL1 Internal...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a crash caused by the setchannelmap API support...

CVE-2025-38401

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

DEBIAN-CVE-2025-38401

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

AZL-65738 CVE-2025-38401 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

AZL-73022 CVE-2025-38401 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

CVE-2025-38401 mtk-sd: Prevent memory corruption from DMA map failure

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

CVE-2025-38401

The CVE-2025-38401 issue affects the Linux kernel’s mtk-sd driver, where a DMA map failure in msdc_prepare_data() could lead to memory corruption if data DMA is started with stale settings. The vulnerability’s description and related advisories (including Debian LTS DLA entries and Amazon Linux A...

CVE-2025-38401

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

CVE-2025-2634 Out of Bounds Read Vulnerability in NI LabVIEW when building font map

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and...

CVE-2025-2634 Out of Bounds Read Vulnerability in NI LabVIEW when building font map

Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and...

CVE-2025-2634

CVE-2025-2634 describes an out-of-bounds read in NI LabVIEW, specifically the fontmgr component, caused by improper bounds checking. The vulnerability may disclose information or allow arbitrary code execution. Exploitation requires a user to open a specially crafted VI, indicating a user-assiste...

CVE-2025-7660

The Map My Locations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapmylocations' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...