10810 matches found
CVE-2023-54170
CVE-2023-54170: In the Linux kernel, dns_query() can in rare cases create a duplicate index key in a keyring assoc_array when resolving a hostname. This leads to a kernel BUG_ON() and a crash. The issue occurs during keyring association and DNS resolver interaction in the kernel’s DNS resolver pa...
CVE-2025-65570
A type confusion in jsish 2.0 allows incorrect control flow during execution of the OPNEXT opcode. When an “instanceof” expression uses an array element access as the left-hand operand inside a for-in loop, the instruction’s implementation leaves an additional array reference on the stack rather...
Allocation of Resources Without Limits or Throttling
Overview qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An attacker can exhaust...
Allocation of Resources Without Limits or Throttling
Overview org.webjars.npm:qs is a querystring parser that supports nesting and arrays, with a depth limit. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via improper enforcement of the arrayLimit option in bracket notation parsing. An...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of sprintf by the qla2xxx driver that may result in an array out-of-bounds...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an array index out-of-bounds, which could lead to out-of-bounds reads...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992242)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992242 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 1141993...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that exfat's use of kmalloc_array may result in a memory allocation failure...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992398)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992398 advisory. In the Linux kernel, the following vulnerability has been resolved: ca8210: fix maclen negative array access This patch fixes a buffer overflow access of skb->data if...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992364 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup Change the array size to follow parms size instead of a...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper initialization of arrays, which could lead to use-after-free...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992566)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992566 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers The last case label can writ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992647)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992647 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access Why Coverity reports OVERRUN warning. ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992238)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992238 advisory. In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from linking duplicate keys to the assoc_array of a key ring, which could cause the kernel to crash...
PT-2025-53999
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.3.18-150300.59.90-default 1 SLE15-SP3 Description A flaw exists in the Linux kernel related to key management. Specifically, the issue involves linking a duplicate key to a keyring’s assoc array during DNS...
CVE-2025-50343
CVE-2025-50343 affects libmatio (MAT-file I/O library). A heap-based memory corruption can occur in Mat_VarCreateStruct() when nfields does not match the actual number of strings in the fields array, causing out-of-bounds reads and invalid memory frees during cleanup, potentially leading to a seg...
AZL-73319 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-5
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across a...
CVE-2025-15284
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across a...
AZL-73359 CVE-2025-15284 affecting package nodejs-nodemon 2.0.3-4
Improper Input Validation vulnerability in qs parse modules allows HTTP DoS. This issue affects qs: 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across a...