Linux Distros Unpatched Vulnerability : CVE-2023-52599

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: fix array-index-out-of-bounds in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 index -878706688 is out of range for type...

Linux Distros Unpatched Vulnerability : CVE-2024-38623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning:...

Securing Educational LLMs: a Generalised Taxonomy of Attacks on LLMs and DREAD Risk Assessment

Due to perceptions of efficiency and significant productivity gains, various organisations, including in education, are adopting Large Language Models LLMs into their workflows. Educator-facing, learner-facing, and institution-facing LLMs, collectively, Educational Large Language Models eLLMs,...

BIT-LIBPHP-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

BIT-LIBPHP-2024-1874 Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array

A flaw was found in the AMD CPU erratum handling code in the Linux kernel. The erratum1386microcode array lacked a proper terminator, which could cause the x86matchcpuwithstepping function to read beyond the end of the array. This results in undefined behavior during CPU feature detection and...

Linux Distros Unpatched Vulnerability : CVE-2023-52804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/jfs: Add validity check for dbmaxag and dbagpref Both dbmaxag and dbagpref are used as the index of the dbagfree array, but there is currently no validity...

Linux Distros Unpatched Vulnerability : CVE-2024-27388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SUNRPC: fix some memleaks in gssxdecoptionarray The creds and oa-data need to be freed in the error- handling paths after their allocation. So this patch add...

Linux Distros Unpatched Vulnerability : CVE-2025-39728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsungclkinit With UBSANARRAYBOUNDS=y, I'm hitting the bel...

Linux Distros Unpatched Vulnerability : CVE-2025-37751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Avoid running off the end of an AMD erratum table The NULL array terminator at the...

Linux Distros Unpatched Vulnerability : CVE-2025-38395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpiodesc' pointers. But the memory is allocate...

Linux Distros Unpatched Vulnerability : CVE-2022-50167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation can overflow because both...

Linux Distros Unpatched Vulnerability : CVE-2024-38587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof vs ARRAYSIZE bug The buf pointer is an array of u16 values. This code...

Linux Distros Unpatched Vulnerability : CVE-2022-48927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have...

K000152931: Multiple PostgreSQL vulnerabilities

Security Advisory Description CVE-2023-2455 Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other...

CVE-2025-54645

Out-of-bounds array access issue due to insufficient data verification in the location service module. Impact: Successful exploitation of this vulnerability may affect availability...

Linux Distros Unpatched Vulnerability : CVE-2025-38257

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - s390/pkey: Prevent overflow in size calculation for memdupuser Number of apqn target list entries contained in 'nrapqns' variable is determined by userspace via...

Linux Distros Unpatched Vulnerability : CVE-2021-47065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtwgettxpowerparams Using a kernel with the Undefined Behaviour...

Linux Distros Unpatched Vulnerability : CVE-2021-28660

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rtwwxsetscan in drivers/staging/rtl8188eu/osdep/ioctllinux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the -ssid array. NOTE: from th...

Linux Distros Unpatched Vulnerability : CVE-2025-38198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the storemodes sysfs node will run afoul of unregistered consoles...