kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtwfwbtwificontrolrtwdev, para0, &para1', which reads 5 bytes: void rtwfwbtwificontrolstruct...

Linux Distros Unpatched Vulnerability : CVE-2021-47166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFS: Don't corrupt the value of pgbyteswritten in nfsdorecoalesce The value of mirror-pgbyteswritten should only be updated after a successful attempt to flush...

Linux Distros Unpatched Vulnerability : CVE-2023-53108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/iucv: Fix size of interrupt data iucvirqdata needs to be 4 bytes larger. These bytes are not used by the iucv module, but written by the z/VM hypervisor in...

Linux Distros Unpatched Vulnerability : CVE-2022-50062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bgmac: Fix a BUG triggered by wrong bytescompl On one of our machines we got: kernel BUG at lib/dynamicqueuelimits.c:27! Internal error: Oops - BUG: 0 1...

OSV-2025-608 Heap-buffer-overflow in _dwarf_memcpy_noswap_bytes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437060549 Crash type: Heap-buffer-overflow READ 4 Crash state: dwarfmemcpynoswapbytes dwarflengthofcuheader dwarfglobalnameoffsets...

Linux Distros Unpatched Vulnerability : CVE-2021-47336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smackfs: restrict bytes count in smksetcipso Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001 Date:...

Linux Distros Unpatched Vulnerability : CVE-2025-21950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmdioctl In the pmcmdioctl...

Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore

...

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

libxml2: Out-of-Bounds Read in libxml2

A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can...

CLSA-2025-1753780622 php: Fix of CVE-2025-1220

CVE-2025-1220: error if host contains null bytes in the middle of the string...

CLSA-2025-1753769145 php: Fix of CVE-2025-1220

CVE-2025-1220: error if host contains null bytes in the middle of the string...

CLSA-2025-1753768680 php: Fix of CVE-2025-1220

CVE-2025-1220: error if host contains null bytes in the middle of the string...

SUSE-SU-2025:20532-1 Security update for perl

This update for perl fixes the following issues: - CVE-2024-56406: Fixed heap buffer overflow when transliterating non-ASCII bytes bsc1241083 - CVE-2025-40909: Fixed a working directory race condition causing file operations to target unintended paths bsc1244079...

DEBIAN-CVE-2025-38495

In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account f...

UBUNTU-CVE-2025-38495

In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated buffer not account f...

DEBIAN-CVE-2025-38425

In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes...

Use of Predictable Algorithm in Random Number Generator

Overview Affected versions of this package are vulnerable to Use of Predictable Algorithm in Random Number Generator via the RANDpoll function. An attacker can obtain predictable random values by invoking RANDbytes after a fork operation in affected applications. This is only exploitable if the...

OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

Impact The lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length is empty i.e. buffer.length == 0 and position is not 2256 - 1 i.e. pos != typeuint256.max. The pos argument could be used...

CVE-2025-54070 OpenZeppelin Contracts's Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers

OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the lastIndexOfbytes,byte,uint256 function of the Bytes.sol library may access uninitialized memory when the following two conditions hold: 1 the provided buffer length...