15 matches found
CVE-2025-58767
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches to fix these...
CVE-2023-53332
In the Linux kernel, the following vulnerability has been resolved: genirq/ipi: Fix NULL pointer deref in irqdatagetaffinitymask If ipisendmask|single is called with an invalid interrupt number, all the local variables there will be NULL. ipisendverify which is invoked from these functions does...
CVE-2025-39824
In the Linux kernel, the following vulnerability has been resolved: HID: asus: fix UAF via HIDCLAIMEDINPUT validation After hidhwstart is called hidinputconnect will eventually be called to set up the device with the input layer since the HIDCONNECTDEFAULT connect mask is used. During...
CVE-2025-45091
Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting XSS attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload in notification and activities...
CVE-2023-53227
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53219
In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching, netupunidvbdmafini uses deltimer to stop dma-timeout timer. But when timer handler netupunidvbdmatimeout is running, deltimer could not stop...
CVE-2023-53239
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Add check for kzalloc As kzalloc may fail and return NULL pointer, it should be better to check the return value in order to avoid the NULL pointer dereference. Patchwork:...
CVE-2023-53259
In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...
CVE-2022-50248
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and it appears there is indeed a way to...
CVE-2022-50259
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: fix race in sockmapfree sockmapfree calls releasesocksk without owning a reference on the socket. This can cause use-after-free as syzbot found 1 Jakub Sitnicki already took care of a similar issue in sockhashfree i...
CVE-2025-39802
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was removed by commit 773426f4771b "crypto: arm/poly1305 - Add block-only interface". This safety check is cheap and is...
CVE-2025-39798
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaults, and then probed for again...
CVE-2025-39771
In the Linux kernel, the following vulnerability has been resolved: regulator: pca9450: Use devmregistersysoffhandler With module test, there is error dump: ------------ cut here ------------ notifier callback pca9450i2crestarthandler already registered WARNING: kernel/notifier.c:23 at...
CVE-2025-39739
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Add the SM6115 MDSS compatible to clients compatible list, as it also needs that workaround. Without this workaround, for example, QRB4210 RB2 which is based on SM4250/SM6115...
CVE-2025-39772
In the Linux kernel, the following vulnerability has been resolved: drm/hisilicon/hibmc: fix the hibmc loaded failed bug When hibmc loaded failed, the driver use hibmcunload to free the resource, but the mutexes in mode.config are not init, which will access an NULL pointer. Just change goto...