PT-2025-49457
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free (UAF) issue between the regulator and multi-function device (mfd) subsystems. This occurs because the regulator core allocates init data resources ...
Linux Distros Unpatched Vulnerability : CVE-2025-40271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should us...
PT-2025-49430
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a use-after-free issue within the networking bridge component. This flaw arises from a race condition during the deletion of a forwarding database (fdb) entry,...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the regulator kernel using the same device for resource allocation and DT lookups, which could lead to UAF...
Linux Distros Unpatched Vulnerability : CVE-2022-50616
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regulator: core: Use different devices for resource allocation and DT lookup Following by the below discussion, there's the potential UAF issue between regulato...
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE set the erased node to EMPTY, then pde_subdir_next will...
EUVD-2025-201584
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE set the erased node to EMPTY, then pde_subdir_next will...
DEBIAN-CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE set the erased node to EMPTY, then pde_subdir_next will...
UBUNTU-CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE set the erased node to EMPTY, then pde_subdir_next will...
CVE-2025-40271 fs/proc: fix uaf in proc_readdir_de()
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE set the erased node to EMPTY, then pde_subdir_next will...
CVE-2025-40271
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase, but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE set the erased node to EMPTY, then pde_subdir_next will...
CVE-2025-40271
CVE-2025-40271 affects the Linux kernel fs/proc code. The vulnerability arises in proc_readdir_de() where a node erased from the subdir red-black tree is not cleared (RB_CLEAR_NODE), leaving the pde_subdir_next() path able to return a freed node (UAF). Affected code path: proc_readdir(), pde_get(...
CVE-2025-66574
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574 TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574 TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574
Summary: TranzAxis 3.2.41.10.26 is vulnerable to a stored XSS via the Open Object in Tree API endpoint. This authenticated-user vulnerability can lead to session cookie theft and potential privilege escalation. Root cause: stored cross-site scripting in the Open Object in Tree endpoint. Affected ...
CVE-2025-40235
In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots If fs_info->super_copy or fs_info->super_for_commit allocated failed in btrfs_get_tree_subvol, then no need to call btrfs_free_fs_info. Otherwise btrfs_check_leaked_roots...
EUVD-2025-201224
In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots If fs_info->super_copy or fs_info->super_for_commit allocated failed in btrfs_get_tree_subvol, then no need to call btrfs_free_fs_info. Otherwise btrfs_check_leaked_roots...
PT-2025-49150
Name of the Vulnerable Software and Affected Versions: TranzAxis version 3.2.41.10.26. Description: Authenticated users can inject cross-site scripting through the Open Object in Tree API endpoint. Successful exploitation may allow attackers to steal session cookies and potentially escalate...