2995 matches found
CVE-2025-38244
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock order and prevent the following deadlock from happening =====================================================...
CVE-2025-38247
In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does require finish_mount_kattr() to release ->mnt_userns. Failing do_mount_setattr() does not change that. As the result, we can end up leaking...
CVE-2025-38262
In the Linux kernel, the following vulnerability has been resolved: tty: serial: uartlite: register uart driver in init When two instances of uart devices are probing, a concurrency race can occur. If one thread calls uart_register_driver function, which first allocates and assigns memory to...
CVE-2025-38251
In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push() Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize...
CVE-2025-38241
In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo always > /sys/kernel/mm/transparent_hugepage/hugepages-64kB/enabled swapon /dev/zram0 # zram0 is a 48G swap...
CVE-2025-38255
In the Linux kernel, the following vulnerability has been resolved: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 000...
CVE-2025-0928
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or...
CVE-2025-27614
Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking...
CVE-2025-6714
MongoDB Server's mongos component can become unresponsive to new connections due to incorrect handling of incomplete data. This affects MongoDB when configured with load balancer support. This issue affects MongoDB Server v6.0 prior to 6.0.23, MongoDB Server v7.0 prior to 7.0.20 and MongoDB Serve...
CVE-2025-6713
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...
CVE-2025-53603
In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body...
CVE-2025-7069
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to t...
CVE-2025-52496
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...
CVE-2025-49601
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent...
CVE-2025-49600
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_verify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS (Leighton-Micali Signature) forgery in a fault scenario. Specifically, unchecked return values in mbedtls_lms_verify allow an attacker who can induce ...
CVE-2025-38211
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iwcm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all references to the cm_id were...
CVE-2025-38181
In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_full_sk() in calipso_req_setattr(). Since...
CVE-2025-38219
In the Linux kernel, the following vulnerability has been resolved: f2fs: prevent kernel warning due to negative i_nlink from corrupted image WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor56...
CVE-2025-38209
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: remove tag set when second admin queue config fails Commit 104d0e2f6222 ("nvme-fabrics: reset admin connection for secure concatenation") modified nvme_tcp_setup_ctrl() to call nvme_tcp_configure_admin_queue() twice. The first call...
CVE-2025-38201
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: b541ba7d1f5a ("netfilter: conntrack...