5 matches found
CVE-2025-21852 net: Add rx_skb of kfree_skb to raw_tp_null_args[].
In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 "net: add rx_sk to trace_kfree_skb" added rx...
GHSA-H3MF-4FWP-59C7 VecStorage Deserialize Allows Violation of Length Invariant
The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows * ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 (086e6e) due to the addition of...
CVE-2021-3490
The eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e "bpf: Fix...
PYSEC-2020-286
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
Dragonfly 1.0.5 Remote Code Execution Exploit
Dragonfly gem version 1.0.5 that is used for image processing suffers from a code execution vulnerability. RCE in the Dragonfly gem for image uploading & processing in rails/sinatra, in version 1.0.5. https://github.com/markevans/dragonfly The underlying vulnerability is that you can pass...