1944 matches found
CVE-2023-53492 netfilter: nf_tables: do not ignore genmask when looking up chain by id
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: do not ignore genmask when looking up chain by id When adding a rule to a chain referring to its ID, if that chain had been deleted on the same batch, the rule might end up referring to a deleted chain. This...
CVE-2025-10725
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the...
OSV-2025-788 Heap-buffer-overflow in int arrow::bit_util::BitReader::GetBatch<int>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=447480433 Crash type: Heap-buffer-overflow READ 8 Crash state: int arrow::bitutil::BitReader::GetBatch auto arrow::util::RleBitPackedDecoder::GetBatch std::1::pair arrow::util::R...
CVE-2025-10977 JeecgBoot deleteBatch improper authorization
A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The...
A Bootiful Podcast: Spring Batch lead Mahmoud Ben Hassine
Hi, Spring fans! In this installment we talk to the legendary lead of the Spring Batch project, Mahmoud Ben Hassine, about the latest-and-greatest in Spring Batch in the Spring Boot 4 generation...
SUSE CVE-2025-39879
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
CVE-2025-39879
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
DEBIAN-CVE-2025-39879
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
UBUNTU-CVE-2025-39879
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
UBUNTU-CVE-2025-39868
In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncatefoliobatchexceptionals Commit 0e2f80afcfa6"fs/dax: ensure all pages are idle prior to filesystem unmount" introduced the WARNONONCE to capture whether the filesystem has removed all DAX entri...
CVE-2025-39879 ceph: always call ceph_shift_unused_folios_left()
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
CVE-2025-39879
CVE-2025-39879 pertains to the Linux kernel Ceph code path. The issue revolves around ceph_process_folio_batch() leaving folio_batch entries as NULL, an illegal state that could lead to crashes if folio_batch_release() dereferences them. The documented root cause describes that earlier code inten...
CVE-2025-39879 ceph: always call ceph_shift_unused_folios_left()
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
CVE-2025-39879 ceph: always call ceph_shift_unused_folios_left()
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
CVE-2025-39868 erofs: fix runtime warning on truncate_folio_batch_exceptionals()
In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncatefoliobatchexceptionals Commit 0e2f80afcfa6"fs/dax: ensure all pages are idle prior to filesystem unmount" introduced the WARNONONCE to capture whether the filesystem has removed all DAX entri...
CVE-2025-39868 erofs: fix runtime warning on truncate_folio_batch_exceptionals()
In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncatefoliobatchexceptionals Commit 0e2f80afcfa6"fs/dax: ensure all pages are idle prior to filesystem unmount" introduced the WARNONONCE to capture whether the filesystem has removed all DAX entri...
CVE-2025-39868
CVE-2025-39868 describes a Linux kernel vulnerability where a runtime warning (WARN_ON_ONCE) could be triggered during unmount due to how erofs (and related DAX entries) were handled. The root cause, as noted in the description, is a fix introduced by commit 0e2f80afcfa6 that added WARN_ON_ONCE t...
CVE-2025-39868 erofs: fix runtime warning on truncate_folio_batch_exceptionals()
In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncatefoliobatchexceptionals Commit 0e2f80afcfa6"fs/dax: ensure all pages are idle prior to filesystem unmount" introduced the WARNONONCE to capture whether the filesystem has removed all DAX entri...
Liferay Portal and DXP does not properly check permission with import and export tasks
Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...