11187 matches found

CVE
added 2025/02/26 1:55 a.m. | 90 views

CVE-2022-49189

CVE-2022-49189 : In the Linux kernel (clk-rcg2, Qualcomm display pixel clock), final D calculation for the M/N ratio could fall outside the accepted range, causing underflow. The fix updates the D-value calculation to respect the valid range for given M and N, preventing underflow. Affected compo...

5.5 CVSS | 5.4 AI score | 0.00018 EPSS
Exploits 0 | References 6 | Affected Software 1
Debian CVE
added 2025/02/26 1:55 a.m. | 8 views

CVE-2022-49167

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads. I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums. Turns out the compression path will complete the bio we use if we set up any ...

5.5 CVSS | 5.4 AI score | 0.00143 EPSS
Exploits 0
CVE
added 2025/02/26 1:55 a.m. | 109 views

CVE-2022-49168

The CVE-2022-49168 entry concerns a Linux kernel bug in the btrfs repair path. The issue occurred when the repair submission failed and the code attempted to clean up the repair bio simultaneously with endio, creating potential use-after-free and NULL dereference conditions due to racing with bio...

7.8 CVSS | 5.5 AI score | 0.00025 EPSS
Exploits 0 | References 5 | Affected Software 1
Debian CVE
added 2025/02/26 1:55 a.m. | 11 views

CVE-2022-49152

In the Linux kernel, the following vulnerability has been resolved: XArray: Fix xas_create_range when multi-order entry present. If there is already an entry present that is of order = XA_CHUNK_SHIFT when we call xas_create_range, xas_create_range will misinterpret that entry as a node and dereference...

4.7 CVSS | 5.2 AI score | 0.00127 EPSS
Exploits 0
BDU FSTEC
added 2025/02/26 12:0 a.m. | 0 views

The vulnerability of the do_repack_createinstallmedia function in Parallels Desktop hypervisors allows a hacker to increase their privileges.

The vulnerability of the do_repack_createinstallmedia function in Parallels Desktop hypervisors is related to synchronization errors when using a shared resource (“Race Situation”). Exploiting this vulnerability can allow an attacker to gain increased privileges...

7.8 CVSS | 5.5 AI score
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/02/26 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the mediatek clock driver not properly handling error branches during probing, which could lead to a memory...

5.5 CVSS | 5 AI score | 0.00009 EPSS
Exploits 0 | References 4
Redos
added 2025/02/26 12:0 a.m. | 78 views

ROS-20250226-08

A vulnerability in the OpenJPEG image encoding and decoding library is related to memory boundary errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. A vulnerability in the OpenJPEG image encoding and decoding library is related to a...

5.6 CVSS | 6.1 AI score | 0.00048 EPSS
Exploits 0
BDU FSTEC
added 2025/02/26 12:0 a.m. | 1 views

The vulnerability of the ext4_mb_find_good_group_avg_frag_lists() function in the ext4 file system of the Linux operating system allows an attacker to cause a service failure.

The vulnerability of the ext4_mb_find_good_group_avg_frag_lists function in the ext4 file system of the Linux operating system is related to read errors beyond the memory boundary. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 0.00018 EPSS
Exploits 0 | References 10 | Affected Software 4
Redos
added 2025/02/26 12:0 a.m. | 15 views

ROS-20250226-07

An Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource, as a result of file system case insensitivity when writing servlets to the file system. Exploitation of the...

9.8 CVSS | 9.9 AI score | 0.1286 EPSS
Exploits 1
BDU FSTEC
added 2025/02/24 12:0 a.m. | 0 views

The vulnerability of the NFC component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the NFC component in the Linux operating system’s kernel is related to zero-division errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 0.00012 EPSS
Exploits 0 | References 39 | Affected Software 5
BDU FSTEC
added 2025/02/24 12:0 a.m. | 0 views

The vulnerability of the mm component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the mm component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 0.00031 EPSS
Exploits 0 | References 16 | Affected Software 4
Tenable Nessus
added 2025/02/24 12:0 a.m. | 6 views

Siemens SCALANCE W700 Double Free (CVE-2023-29469)

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

6.5 CVSS | 7.1 AI score | 0.0022 EPSS
Exploits 0 | References 11
BDU FSTEC
added 2025/02/24 12:0 a.m. | 1 views

The vulnerability of the mlxsw component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the mlxsw component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 0.00018 EPSS
Exploits 0 | References 42 | Affected Software 7
BDU FSTEC
added 2025/02/24 12:0 a.m. | 0 views

The vulnerability of the netem component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.

The vulnerability of the netem component in the Linux operating system’s kernel is related to errors that occur after decompression. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

5.5 CVSS | 0.00026 EPSS
Exploits 0 | References 39 | Affected Software 6
BDU FSTEC
added 2025/02/24 12:0 a.m. | 1 views

The vulnerability of the memcg component in the Linux operating system allows a hacker to gain elevated privileges within the system.

The vulnerability of the memcg component in the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

4.7 CVSS | 0.00009 EPSS
Exploits 0 | References 40 | Affected Software 7
BDU FSTEC
added 2025/02/24 12:0 a.m. | 0 views

The vulnerabilities of the sched/smt components in Linux operating systems allow attackers to trigger service failures.

The vulnerability of the sched/smt components in Linux operating systems is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS | 0.00017 EPSS
Exploits 0 | References 28 | Affected Software 6
Hacker One
added 2025/02/21 10:55 p.m. | 6 views

U.S. Dept Of Defense: Error-based blind SQL injection

An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...

7.7 AI score
Exploits 0
CVE
added 2025/02/21 8:12 a.m. | 56 views

CVE-2025-0726

The CVE-2025-0726 family affects Eclipse ThreadX NetX Duo’s NetX HTTP server. A vulnerability in the HTTP server functionality (NetX) — prior to 6.4.2 for CVE-2025-0726 and prior to 6.4.3 for CVE-2025-2260 — arises from a missing closure of a file when an error occurs, causing a denial of service...

7.5 CVSS | 6.4 AI score | 0.00411 EPSS
Exploits 0 | References 2 | Affected Software 1
Amazon
added 2025/02/21 12:0 a.m. | 2 views

Low: docker

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...

3.1 CVSS | 8.4 AI score | 0.0006 EPSS
Exploits 0
NVD
added 2025/02/20 12:15 a.m. | 1 views

CVE-2024-6697

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. CWE-280 Hitachi Vantara Pentaho Business...

6.5 CVSS | 0.00148 EPSS
Exploits 0 | References 1