49 matches found
CVE-2026-49854 vulnerabilities
Vulnerabilities for packages: tensorflow-cpu-jupyter...
CVE-2026-44075
A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service disruption via crafted DSI...
CVE-2023-2593
A flaw exists within the Linux kernel's handling of new TCP connections. The issue results from the lack of memory release after its effective lifetime. This vulnerability allows an unauthenticated attacker to create a denial of service condition on the system...
CVE-2025-38420
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw...
CVE-2025-7797
A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched...
CVE-2025-38139
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the subrequest iterator in netfs_retry_write_stream to use the iterator-reset function as the iterator may have been shortened by a previous...
CVE-2022-50196
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ocmem: Fix refcount leak in of_get_ocmem of_parse_phandle returns a node pointer with refcount incremented, we should use of_node_put on it when not need anymore. Add missing of_node_put to avoid refcount leak. of_node_put will...
CVE-2022-50080
In the Linux kernel, the following vulnerability has been resolved: tee: add overflow check in register_shm_helper With special lengths supplied by user space, register_shm_helper has an integer overflow when calculating the number of pages covered by a supplied user space memory region. This causes...
CVE-2025-37944
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next entry from the destination ring. This is incorrect because...
CVE-2025-37917
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll Use spin_lock_irqsave and spin_unlock_irqrestore instead of spin_lock and spin_unlock in mtk_star_emac driver to avoid spinlock recursion occurrence that can happe...
CVE-2025-4476
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-47928
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pull_request_target on .github/workflows/integration_tests.yml followed by the checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...
CVE-2022-49833
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL...
CVE-2022-49880
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block reservation details EXT4-fs (loop0):...
CVE-2022-49809
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix skb leak in x25_lapb_receive_frame x25_lapb_receive_frame using skb_copy to get a private copy of skb, the new skb should be freed in the undersized/fragmented skb error handling path. Otherwise there is a memory leak...
CVE-2025-37769
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If speed is greater than UINT_MAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE. cherry picked from...
CVE-2025-22114
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't clobber ret in btrfs_validate_super Commit 2a9bb78cfd36 "btrfs: validate system chunk array at btrfs_validate_super" introduces a call to validate_sys_chunk_array in btrfs_validate_super, which clobbers the value of ret set...
CVE-2025-32776
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. By writing specially crafted data to the matrix_custom_frame file, an attacker can cause the custom kernel driver to read more bytes than provided by user space. This data will...
CVE-2024-45699
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...
CVE-2025-21964
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...