CVE-2022-49255

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix missing free nid in f2fshandlefailedinode This patch fixes xfstests/generic/475 failure. 293.680694 F2FS-fs dm-1: May loss orphan inode, run fsck to fix. 293.685358 Buffer I/O error on dev dm-1, logical block 8388592,...

CVE-2022-49226 net: asix: add proper error handling of usb read errors

In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asixreadcmd reads less bytes, than was requested by caller. Since all read requests are...

CVE-2022-49226

In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asixreadcmd reads less bytes, than was requested by caller. Since all read requests are...

CVE-2022-49226 net: asix: add proper error handling of usb read errors

In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asixreadcmd reads less bytes, than was requested by caller. Since all read requests are...

CVE-2022-49189 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3 and the final D value calculated results in underflow errors. As the curren...

CVE-2022-49189 clk: qcom: clk-rcg2: Update logic to calculate D value for RCG

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a requirement on certain newer platforms to support M/N as 2/3 and the final D value calculated results in underflow errors. As the curren...

CVE-2022-49189

CVE-2022-49189 : In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...

CVE-2022-49167

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfslookupbiosums. Turns out the compression path will complete the bio we use if we set up any ...

CVE-2022-49168

The CVE-2022-49168 entry concerns a Linux kernel bug in the btrfs repair path. The issue occurred when the repair submission failed and the code attempted to clean up the repair bio simultaneously with endio, creating potential use-after-free and NULL dereference conditions due to racing with bio...

CVE-2022-49152

In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xascreaterange when multi-order entry present If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a node and dereference...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mediatek clock driver not properly handling error branches during probing, which could lead to a memory...

ROS-20250226-08

A vulnerability in the OpenJPEG image encoding and decoding library is related to memory boundary errors. memory boundary errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code A vulnerability in the OpenJPEG image encoding and decoding library is related to a...

ROS-20250226-07

Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource due to lack of case-sensitivity when writing servlets to the file system. as a result of file system case insensitivity when writing servlets. Exploitation exploitation of the...

Siemens SCALANCE W700 Double Free (CVE-2023-29469)

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

U.S. Dept Of Defense: Error-based blind SQL injection

An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...

CVE-2025-0726

The CVE-2025-0726 family affects Eclipse ThreadX NetX Duo’s NetX HTTP server. A vulnerability in the HTTP server functionality (NetX) — prior to 6.4.2 for CVE-2025-0726 and prior to 6.4.3 for CVE-2025-2260 — arises from a missing closure of a file when an error occurs, causing a denial of service...

Low: docker

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...

CVE-2024-6697

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. CWE-280 Hitachi Vantara Pentaho Business...

CVE-2024-13535

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. This is due the composer-setup.php file being publicly accessible with 'displayerrors' set to true. This makes it possible for unauthenticated attackers to retrieve...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Symfony vulnerabilities (USN-7272-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7272-1 advisory. Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this...