UBUNTU-CVE-2023-53713

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

CVE-2023-53713 arm64: sme: Use STR P to clear FFR context field in streaming SVE mode

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

CVE-2023-53713

CVE-2023-53713 affects the Linux kernel on arm64 with SME in streaming SVE mode. The vulnerability arises from clearing the FFR context field using an unconditional 8-byte store, which may fail to clear the entire field or corrupt memory if the SME vector length is not 64 bytes. The fix replaces ...

CVE-2023-53713 arm64: sme: Use STR P to clear FFR context field in streaming SVE mode

In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a predicate register which can vary between 16 and 256 bits in size depending upon the configured vector length. When saving the SVE state in...

CVE-2023-53702 s390/crypto: use vector instructions only if available for ChaCha20

In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 "crypto: s390 - add crypto library interface for ChaCha20" added a library interface to the s390 specific ChaCha20 implementation. However no...

CVE-2023-53702

CVE-2023-53702 concerns the s390 ChaCha20 vector-accelerator path in the Linux kernel. The ChaCha20 library interface added in commit 349d03ffd5f6 allows using assembler vector instructions when available, but a MACHINE_HAS_VX check was not added, causing a crash if vector facilities are absent (...

CVE-2023-53702 s390/crypto: use vector instructions only if available for ChaCha20

In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 "crypto: s390 - add crypto library interface for ChaCha20" added a library interface to the s390 specific ChaCha20 implementation. However no...

SUSE-SU-2025:3716-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49980: USB: gadget: fix use-after-free read in usbudcuevent bsc1245110. - CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev-devname,shortname...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an improper store instruction to clear an FFR context field in streaming SVE mode, which could...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking vector instruction availability, which could lead to an abnormal data crash...

FreeBSD : Mozilla -- integer overflow (c7383de4-ab7a-11f0-b961-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c7383de4-ab7a-11f0-b961-b42e991fc52e advisory. [email protected] reports: Integer overflow in the SVG component Tenable has extracted the preceding...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-56801

The Red Hat advisories describe CVE-2025-56801 as a vulnerability in the Reolink Desktop Application 8.18.12 where hardcoded hard-coded credentials function as the Initialization Vector (IV) in AES-CFB encryption, enabling local attackers to decrypt sensitive configuration data stored under %APPD...

EUVD-2025-35229

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

SUSE CVE-2025-40009

In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: check p-vecbuf for NULL When the PAGEMAPSCAN ioctl is invoked with veclen = 0 reaches pagemapscanbackoutrange, kernel panics with null-ptr-deref: 44.936808 Oops: general protection fault, probably for non-canonic...

CVE-2025-34281

ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting XSS vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the mediamanager component when a specially crafted SVG file containing JavaScript code is uploaded and subsequently previewed by an administrator. Details Cross-site scripting or XSS is a code vulnerability...