227 matches found
CVE-2025-38060
CVE-2025-38060 – Linux kernel (BPF verifier): The issue arises because copy_verifier_state() does not copy the .loop_entry field, allowing env->cur_state and env->stack to become inconsistent and potentially poison states. The fix requires copying loop_entry in copy_verifier_state() and ens...
CVE-2025-38060 bpf: copy_verifier_state() should copy 'loop_entry' field
In the Linux kernel, the following vulnerability has been resolved: bpf: copyverifierstate should copy 'loopentry' field The bpfverifierstate.loopentry state should be copied by copyverifierstate. Otherwise, .loopentry values from unrelated states would poison env-curstate. Additionally, env-stac...
UBUNTU-CVE-2025-2336
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...
CVE-2025-2336 AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize'
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...
CVE-2025-2336
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...
CVE-2024-33001
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimat...
CVE-2024-56442
Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
CVE-2024-13058
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products such ...
CVE-2022-1099
Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab...
CVE-2020-4100
"HCL Verse for Android was found to employ dynamic code loading. This mechanism allows a developer to specify which components of the application should not be loaded by default when the application is started. Typically, core components and additional dependencies are loaded natively at runtime;...
Hotfix XS82ECU1086 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1 and is only available to customers on theCustomer Success Servicesprogram. All customers who are affected by the issues described inCTX693178 - Citrix Hypervisor Security Bulletinshoul...
CVE-2025-37821 sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...
CVE-2025-32972
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...
CVE-2022-49872 net: gso: fix panic on frag_list with mixed head alloc types
In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on fraglist with mixed head alloc types Since commit 3dcbdb134f32 "net: gso: Fix skbsegment splat when splitting gsosize mangled skb having linear-headed fraglist", it is allowed to change gsosize of a GRO...
CVE-2022-49872
The CVE-2022-49872 issue affects the Linux kernel’s net: gso path. A GRO packet can have its gso_size changed and the existing assumption that checking the first list_skb member is sufficient is violated when skbs on the frag_list have differing head_frag heads. This can trigger a BUG_ON in skb_s...
CVE-2025-32972 The lesscss script service allows cache clearing without programming right
XWiki is a generic wiki platform. In versions starting from 6.1-milestone-1 to before 15.10.12, from 16.0.0-rc-1 to before 16.4.3, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the script API of the LESS compiler in XWiki is incorrectly checking for rights when calling the cache cleaning API, makin...
CVE-2025-32972
Vulnerability summary (CVE-2025-32972) : XWiki is affected in versions 6.1-milestone-1 to before 15.10.12, 16.0.0-rc-1 to before 16.4.3, and 16.5.0-rc-1 to before 16.8.0-rc-1. The issue is in the script API of the LESS compiler where it incorrectly checks rights when invoking the cache cleaning A...
AngularJS improperly sanitizes SVG elements
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
UBUNTU-CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
PT-2025-18293 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 6.1-milestone-1 through 15.10.12 XWiki versions 16.0.0-rc-1 through 16.4.3 XWiki versions 16.5.0-rc-1 through 16.8.0-rc-1 Description: The script API of the LESS compiler in XWiki is incorrectly checking for rights when calling...