108 matches found
CVE-2025-37969
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: fix possible lockup in stlsm6dsxreadtaggedfifo Prevent stlsm6dsxreadtaggedfifo from falling in an infinite loop in case patternlen is equal to zero and the device FIFO is not empty...
CVE-2025-37821
In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se-slice being set to U64MAX and resulting crash There is a code path in dequeueentities that can set the slice of a schedentity to U64MAX, which sometimes results in a crash. The offending case is when...
CVE-2022-49847
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload Move am65cpswnussphylinkcleanup call to after am65cpswnusscleanupndev so phylink is still valid to prevent the below Segmentation fault on module remove when...
CVE-2025-23153
In the Linux kernel, the following vulnerability has been resolved: arm/crc-t10dif: fix use of out-of-scope array in crct10difarch Fix a silly bug where an array was used outside of its scope...
CVE-2024-58099
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3xdpxmitframe Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such as...
CVE-2025-3638
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery CSRF risk...
CVE-2023-43378
A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2025-3121
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jitmodulefromflatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...
CVE-2025-21937
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Add check for mgmtallocskb in mgmtremotename Add check for the return value of mgmtallocskb in mgmtremotename to prevent null pointer dereference...
CVE-2025-21918
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Fix NULL pointer access Resources should be released only after all threads that utilize them have been destroyed. This commit ensures that resources are not released prematurely by waiting for the associated...
CVE-2025-21934
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix an API misues when rioaddnet fails rioaddnet calls deviceregister and fails when deviceregister fails. Thus, putdevice should be used rather than kfree. Add "mport-net = NULL;" to avoid a use after free issue...
CVE-2023-53000
In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from nlavalidateparse or validatenla u16 type = nlatypenla; if type == 0 || type maxtype / error or continue / @type is then used as a...
CVE-2025-27405
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
webkit2gtk3 security update
2.46.6-2 - Add patch for CVE-2025-24201...
CVE-2024-56769 affecting package kernel for versions less than 6.6.76.1-1
CVE-2024-56769 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-58083
In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvmgetvcpu Explicitly verify the target vCPU is fully online prior to clamping the index in kvmgetvcpu. If the index is "bad", the nospec clamping will generate '0', i.e. KVM will...
firefox security update
128.8.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.8.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 128.8.0-1 - Update to 128.8.0 build1...
CVE-2025-21784
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bail out when failed to load fw in pspinitcapmicrocode In function pspinitcapmicrocode, it should bail out when failed to load firmware, otherwise it may cause invalid memory access...
CVE-2024-58002
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future...
CVE-2024-57975
In the Linux kernel, the following vulnerability has been resolved: btrfs: do proper folio cleanup when rundelallocnocow failed BUG With CONFIGDEBUGVM set, test case generic/476 has some chance to crash with the following VMBUGONFOLIO: BTRFS error device dm-3: cowfilerange failed, start 1146880 e...