Linux Distros Unpatched Vulnerability : CVE-2024-27058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attemptin...
The vulnerability of the read_one_inode() function in the fs/btrfs/tree-log.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the read_one_inode() function in the fs/btrfs/tree-log.c module of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
Selective KV-Cache Sharing to Mitigate Timing Side-Channels in LLM Inference
Global KV-cache sharing has emerged as a key optimization for accelerating large language model (LLM) inference. However, it exposes a new class of timing side-channel attacks, enabling adversaries to infer sensitive user inputs via shared cache entries. Existing defenses, such as per-user isolatio...
PT-2025-40097
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw in the dmaengine subsystem, specifically within the Qualcomm BAM DMA driver. Insufficient error handling when required device tree properties clock and...
Linux Distros Unpatched Vulnerability : CVE-2022-50045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: powerpc/pci: Fix get_phb_number locking The recent change to get_phb_number causes a...
Linux Distros Unpatched Vulnerability : CVE-2022-48877
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c sp...
CVE-2025-8806
A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to SQL injection. It is possible to initiate...
Linux Distros Unpatched Vulnerability : CVE-2022-50195
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM: dts: qcom: replace gcc PXO with pxo_board fixed clock Replace gcc PXO phandle to pxo_board fixed clock declared in the dts. gcc driver doesn't provide PXO_SRC...
Linux Distros Unpatched Vulnerability : CVE-2022-49832
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref...
PT-2025-32480 · Zhilink 智互联(深圳)科技有限公司 · Adp Application Developer Platform
Name of the Vulnerable Software and Affected Versions: zhilink 智互联深圳科技有限公司 ADP Application Developer Platform version 1.0.0 Description: A critical issue exists in the zhilink 智互联深圳科技有限公司 ADP Application Developer Platform. The vulnerability is due to a SQL injection that can be triggered by...
Linux Distros Unpatched Vulnerability : CVE-2025-21959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree Since commit b36e4523d4d5 netfilter: nf_conncount: fix garbage collection confirm...
Linux Distros Unpatched Vulnerability : CVE-2025-38260
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: handle csum tree error with rescue=ibadroots correctly BUG There is syzbot based...
SUSE CVE-2023-5528
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes...
Linux Distros Unpatched Vulnerability : CVE-2023-3866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in the compound request This patch validate session i...
Linux Distros Unpatched Vulnerability : CVE-2025-37865
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King...
CVE-2025-47183
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the qtdemux_parse_tree function when parsing certain MP4 files. An attacker can access sensitive information by crafting a malicious MP4 file that triggers a read past the end of a heap buffer. Remediation: Upgrade...
btrfs: handle csum tree error with rescue=ibadroots correctly
...
libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...