CVE-2026-32829

lz4flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values...

The vulnerability of the cleanup_srcu_struct() function in the kernel/rcu/srcutree.c module of the synchronization subsystem in Linux multi-threaded kernel systems allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the cleanupsrcustruct function in the kernel/rcu/srcutree.c sub-system of the synchronization mechanism in Linux multi-threaded kernel systems is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...

Important: xorg-x11-server-Xwayland security update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents CVE-2024-31080 xorg-x11-server: Heap buffer overread/data leakage in ProcXIPassiveGrabDevice CVE-2024-31081 xorg-x11-server: Use-after-free in...

The vulnerability of the `usbredirparser_serialize()` function in the `usbredirparser/usbredirparser.c` component of the Usbredir protocol allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the usbredirparserserialize function in the usbredirparser/usbredirparser.c component of the Usbredir protocol relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause...

CVE-2019-25052

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information...