43 matches found
BELL-CVE-2025-38386
Bulletin has no description...
CVE-2025-50082
CVE-2025-50082 is a MySQL Server (Oracle) vulnerability affecting the Server: Optimizer component. Affected versions are 8.0.0–8.0.42, 8.4.0–8.4.5, 9.0.0–9.3.0 . The flaw allows a low-privilege remote attacker (network access via multiple protocols) to cause a hang or a frequent crash (complete D...
CVE-2025-49729
creationtimestamp| type| source ---|---|--- 2025-07-08 15:56:31+00:00| seen| https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review 2025-07-08 20:30:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lti5ejncff2w...
CVE-2025-1938
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 13...
CVE-2025-1930
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2021-47631
In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850-evm: Avoid NULL pointer dereference With newer versions of GCC, there is a panic in da850evmconfigemac when booting multiv5defconfig in QEMU under the palmetto-bmc machine: Unable to handle kernel NULL pointer...
CVE-2025-21784
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bail out when failed to load fw in pspinitcapmicrocode In function pspinitcapmicrocode, it should bail out when failed to load firmware, otherwise it may cause invalid memory access...
CVE-2022-49297
In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers a io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca 884 "echo 0...
CVE-2025-21715
In the Linux kernel, the following vulnerability has been resolved: net: davicom: fix UAF in dm9000drvremove dm is netdev private data and it cannot be used after freenetdev call. Using dm after freenetdev can cause UAF bug. Fix it by moving freenetdev at the end of the function. This is similar ...
CVE-2022-49073
In the Linux kernel, the following vulnerability has been resolved: ata: satadwc460ex: Fix crash due to OOB write the driver uses libata's "tag" values from in various arrays. Since the mentioned patch bumped the ATATAGINTERNAL to 32, the value of the SATADWCQCMDMAX needs to account for that...
CVE-2022-49581
In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in begetmoduleeeprom becmdreadporttransceiverdata assumes that it is given a buffer that is at least PAGEDATALEN long, or twice that if the module supports SFF 8472. However, this is not always the...
CVE-2024-52560
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mienumattr Extended the mienumattr function interface with an additional parameter, struct ntfsinode ni, to allow marking the inode as bad as soon as an error is detected...
CVE-2022-49264
In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...
CVE-2022-49067
In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virtaddrvalid for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way pa works we have: pa0x8000000000000000 == 0, and therefore virttopfn0x8000000000000000 == ...
CVE-2022-49124
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1 An uncorrected error. 2 That err...
CVE-2022-49284
In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fix memleak on registration failure in cscfgcreatedevice deviceregister calls deviceinitialize, according to doc of deviceinitialize: Use putdevice to give up your reference instead of freeing @dev directly onc...
CVE-2022-49274
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix crash when mount with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. RIP: 0010:ocfs2qinfolockresinit+0x44/0x50 ocfs2 Call Trace: ocfs2localreadinfo+0xb9/0x6f0 ocfs2...
CVE-2021-47657
A flaw was found in the virtio-gpu module in the Linux kernel. If the initialization fails, for example, due to a fault injection, a missing check in the virtiogpuarrayputfree function can cause a NULL pointer dereference, resulting in a denial of service. Mitigation Mitigation for this issue is...
CVE-2022-49246
In the Linux kernel, the following vulnerability has been resolved: ASoC: atmel: Fix error handling in sndprotoprobe The devicenode pointer is returned by ofparsephandle with refcount incremented. We should use ofnodeput on it when done. This function only calls ofnodeput in the regular path. And...
CVE-2022-49705
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fsvfsatomicopendotl We need to release directory fid if we fail halfway through open This fixes fid leaking with xfstests generic 531...