4334 matches found
CVE-2023-53183
...
CVE-2023-53183 btrfs: exit gracefully if reloc roots don't match
In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. CAUSE The root cause of the triggered ASSERT is we can have a race between quota tree creation and...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...
Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2025-1185)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1185 advisory. In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. CVE-2025-47183 I...
Medium: gstreamer1-plugins-good
Issue Overview: In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure. CVE-2025-47183 In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetrak function may read past t...
PT-2025-37611
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference count leak was resolved in the xvip graph dma init function within the Xilinx ViPP driver of the Linux kernel. The of get child by name function increments the reference...
PT-2025-37503
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference count leak bug was resolved in the of get ddr timings function within the Linux kernel. The issue occurs when iterating through child nodes and requires adding of node put ...
AZL-67205 CVE-2025-39759 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the...
CVE-2025-39738
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not allow relocation of partially dropped subvolumes BUG There is an internal report that balance triggered transaction abort, with the following call trace: item 85 key 594509824 169 0 itemoff 12599 itemsize 33 extent...
UBUNTU-CVE-2025-39759
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the...
CVE-2025-39759
CVE-2025-39759 affects the Linux kernel’s btrfs quota subsystem. A race between disabling quotas and running btrfs_ioctl_quota_rescan() can lead to a use-after-free of qgroup records in fs_info->qgroup_tree due to Task B freeing qgroups without holding fs_info->qgroup_lock while Task A iter...
CVE-2025-39759 btrfs: qgroup: fix race between quota disable and quota rescan ioctl
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix race between quota disable and quota rescan ioctl There's a race between a task disabling quotas and another running the rescan ioctl that can result in a use-after-free of qgroup records from the...
SUSE-SU-2025:03151-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels bsc1248076. - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces bsc1248077. -...
Linux Distros Unpatched Vulnerability : CVE-2024-5741
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 EOL CVE-2024-5741 Note that Nessus relies on the presence of the...
Missing Authorization
Overview typo3/cms-recordlist is a Lists database records in the TYPO3 backend module WebList. Affected versions of this package are vulnerable to Missing Authorization for the CSV download process. An attacker can access sensitive information from arbitrary database tables in the user's web...
Guided Reasoning in LLM-Driven Penetration Testing Using Structured Attack Trees
Recent advances in Large Language Models LLMs have driven interest in automating cybersecurity penetration testing workflows, offering the promise of faster and more consistent vulnerability assessment for enterprise systems. Existing LLM agents for penetration testing primarily rely on self-guid...
SUSE CVE-2025-39717
In the Linux kernel, the following vulnerability has been resolved: opentreeattr: do not allow id-mapping changes without OPENTREECLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', opentreeattr2 was necessary in order to allow for a detached mount to b...
appRain CMF cross-site scripting vulnerability (CNVD-2025-21125)
appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/tree endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication...
CVE-2025-41060
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tree...
jfs: upper bound check of tree index in dbAllocAG
...