CVE-2025-2913

A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...

CVE-2025-30211

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters provided in K...

CVE-2025-29768 affecting package vim for versions less than 9.1.1198-1

CVE-2025-29768 affecting package vim for versions less than 9.1.1198-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

CVE-2023-6004 affecting package libssh for versions less than 0.10.6-1

CVE-2023-6004 affecting package libssh for versions less than 0.10.6-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-48666 affecting package kernel for versions less than 5.15.176.3-3

CVE-2022-48666 affecting package kernel for versions less than 5.15.176.3-3. A patched version of the package is available...

CVE-2022-49754

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmtmeshadd Smatch Warning: net/bluetooth/mgmtutil.c:375 mgmtmeshadd error: memcpy 'meshtx-param' too small 48 vs 50 Analysis: 'meshtx-param' is array of size 48. This is the destination. u8...

CVE-2022-49761

In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in runonedelayedref Currently we have a btrfsdebug for runonedelayedref failure, but if end users hit such problem, there will be no chance that btrfsdebug is enabled. This can lead to very little usefu...

CVE-2022-49757

In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbankmcprobe When devresopengroup fails, it returns -ENOMEM without freeing memory allocated by edacmcalloc. Call edacmcfree on the error handling path to avoid a memory leak. bp: Massage comm...

CVE-2022-49738

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on iextraisize in isalive syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in datablkaddr fs/f2fs/f2fs.h:2891 inline BUG: KASAN: slab-out-of-bounds in isalive fs/f2fs/gc.c:1117 inline BUG: KASA...

CVE-2023-53031

In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIGDEBUGATOMICSLEEP and CONFIGPROVELOCKING enabled, while running a threadimc event. Command to trigger the warning: perf...

CVE-2022-49743

In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy destination The "buf" flexible array needs to be the memcpy destination to avoid false positive run-time warning from the recent FORTIFYSOURCE hardening: memcpy: detected field-spanning...

CVE-2023-53003

In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llccdrivdata as edacdevicectlinfo's pvtinfo The memory for llccdrivdata is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the...

CVE-2022-49741

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufxusbprobe The current error handling code in ufxusbprobe have many unmatching issues, e.g., missing ufxfreeusblist, destroymodedb label should only include framebufferrelease,...

CVE-2011-2411 vulnerabilities

Vulnerabilities for packages: samba...

CVE-2025-29778 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws...

GHSA-X6H9-CX79-JJJV vulnerabilities

Vulnerabilities for packages: unixodbc...

CVE-2025-21875

In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sockownedbyme include/net/sock.h:1711 inline WARNING: CP...

CVE-2025-30355

Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...

CVE-2025-31160

atop through 2.11.0 allows local users to cause a denial of service e.g., assertion failure and application exit or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop...