75 matches found
EUVD-2024-53388
Malicious code in bioql PyPI...
EUVD-2022-54950
Malicious code in bioql PyPI...
EUVD-2025-12862
Malicious code in bioql PyPI...
EUVD-2025-12947
Malicious code in bioql PyPI...
CVE-2025-38636
In the Linux kernel, the following vulnerability has been resolved: rv: Use strings in da monitors tracepoints Using DA monitors tracepoints with KASAN enabled triggers the following warning: BUG: KASAN: global-out-of-bounds in dotraceeventraweventeventdamonitor+0xd6/0x1a0 Read of size 32 at addr...
CVE-2025-31273
A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server,...
CVE-2025-38445 md/raid1: Fix stack memory use after return in raid1_reshape
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix stack memory use after return in raid1reshape In the raid1reshape function, newpool is allocated on the stack and assigned to conf-r1biopool. This results in conf-r1biopool.wait.head pointing to a stack address...
CVE-2025-38382 btrfs: fix iteration of extrefs during log replay
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At inodeaddref when processing extrefs, if we jump into the next label we have an undefined value of victimname.len, since we haven't initialized it before we did the goto. This...
CVE-2025-38373 IB/mlx5: Fix potential deadlock in MR deregistration
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix potential deadlock in MR deregistration The issue arises when kzalloc is invoked while holding umemmutex or any other lock acquired under umemmutex. This is problematic because kzalloc can trigger fsreclaimaqcuire,...
CVE-2025-38292
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid access to memory In ath12kdprxmsducoalesce, rxcb is fetched from skb and boolean iscontinuation is part of rxcb. Currently, after freeing the skb, the rxcb-iscontinuation accessed again which is wrong...
CVE-2025-38027
In the Linux kernel, the following vulnerability has been resolved: regulator: max20086: fix invalid memory access max20086parseregulatorsdt calls ofregulatormatch using an array of struct ofregulatormatch allocated on the stack for the matches argument. ofregulatormatch calls...
CVE-2025-38023 nfs: handle failure of nfs_get_lock_context in unlock path
In the Linux kernel, the following vulnerability has been resolved: nfs: handle failure of nfsgetlockcontext in unlock path When memory is insufficient, the allocation of nfslockcontext in nfsgetlockcontext fails and returns -ENOMEM. If we mistakenly treat an nfs4unlockdata structure whose lctx...
libxslt security update
1.1.34-13.0.1 - Fix memory leak in exclPrefixPush Orabug: 37871881 - Added libxslt-oracle-enterprise.patch and replaced doc/redhat.gif in tarball 1.1.34-13 - Rebuild for z-stream/0day - Resolves: RHEL-83514 - Resolves: RHEL-85988 1.1.34-12 - Include alloc changes into previous patch RHEL-83514...
CVE-2025-37872 net: txgbe: fix memory leak in txgbe_probe() error path
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbeprobe error path When txgbeswinit is called, memory is allocated for wx-rsskey in wxinitrsskey. However, in txgbeprobe function, the subsequent error paths after txgbeswinit don't free the...
RHEL 9 : kernel (RHSA-2025:4469)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:4469 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nvme-tcp: fix potential memory corrupti...
CVE-2022-49923
The CVE affects the Linux kernel nxp-nci path (nfc: nxp-nci: Fix potential memory leak in nxp_nci_send). The root cause is that nxp_nci_send() frees the allocated skb only on nxp_nci_i2c_write() failure; when the write succeeds, nxp_nci_i2c_write() does not free the skb, causing a memory leak. A ...
CVE-2025-22005 ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhcpcpurthoutput in fibchecknhv6gw. fibchecknhv6gw expects that fib6nhinit cleans up everything when it fails. Commit 7dd73168e273 "ipv6: Always allocate pcpu memory in a fib6nh" moved fibnhcommoninit before...
Security Vulnerabilities fixed in Thunderbird ESR 128.9 — Mozilla
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. Memory safety bugs present in Firefox 136,...
CVE-2022-49671 RDMA/cm: Fix memory leak in ib_cm_insert_listen
In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix memory leak in ibcminsertlisten cmallocidpriv allocates resource for the cmidpriv. When cminitlisten fails it doesn't free it, leading to memory leak. Add the missing error unwind...
CVE-2024-56741
CVE-2024-56741 is reported in several external advisories as a Linux kernel issue related to AppArmor: aa_unpack_strdup() leaks memory due to the string allocated by kmemdup() not being freed. The connected documents reference multiple Nessus advisories (Azure Linux, Mariner, UNPATCHED_CVE) and S...