AMD Embedded Processors和AMD Client Processor 安全漏洞

AMD Embedded Processors and AMD Client Processor are both products of AMD Semiconductor, Inc.AMD Embedded Processors are a family of embedded high-performance GPUs.AMD Client Processor is a processor for client devices such as personal computers, AMD Embedded Processors and AMD Client Processors...

PT-2025-36377

Name of the Vulnerable Software and Affected Versions: AMD graphics driver software affected versions not specified Description: Improper validation of an array index within the software could allow an attacker to pass malformed arguments to the dynamic power management DPM functions. This can...

CVE-2025-39690

In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...

CVE-2025-38731

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vmbindioctl double free bug If the argument check during an array bind fails, the bindops are freed twice as seen below. Fix this by setting bindops to NULL after freeing...

UBUNTU-CVE-2025-38731

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vmbindioctl double free bug If the argument check during an array bind fails, the bindops are freed twice as seen below. Fix this by setting bindops to NULL after freeing...

UBUNTU-CVE-2025-39719

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hwxlate array Fix a potential out-of-bounds array access of the hwxlate array in bno055.c. In bno055getregmask, hwxlate was iterated over the length of the vals array instead of the length of t...

CVE-2025-39719 iio: imu: bno055: fix OOB access of hw_xlate array

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hwxlate array Fix a potential out-of-bounds array access of the hwxlate array in bno055.c. In bno055getregmask, hwxlate was iterated over the length of the vals array instead of the length of t...

CVE-2025-39690 iio: accel: sca3300: fix uninitialized iio scan data

In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...

Yii Framework < 2.0.52 Unsafe Reflection Regression (GHSA-ggwg-cmwp-46r5)

The version of Yii Framework installed on the remote host is prior to 2.0.52. It is, therefore, affected by an unsafe reflection vulnerability. - Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in...

PT-2025-36284

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential leak of uninitialized stack data to userspace exists due to the channels array not being zeroed before use. This issue affects the sca3300 driver within the industrial I/O...

SUSE CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

New Malware Uses Windows Character Map for Cryptomining

Darktrace reports new malware hijacking Windows Character Map for cryptomining, exposing risks of hidden attacks in everyday software…...

Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability

...

jfs: fix array-index-out-of-bounds in dbAdjTree

...

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.

...

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

...

jfs: fix array-index-out-of-bounds read in add_missing_indices

...

drm/amd/display: fix incorrect mpc_combine array size

...

drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr

...

Medium: ruby

Issue Overview: An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can...