222 matches found
PT-2025-46746
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The lan78xx read raw eeprom function did not correctly handle EEPROM read timeout errors (-ETIMEDOUT). The function would discard the original timeout error and return only the status of a...
Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.
...
CVE-2025-57774 Out Of Bounds Write of invalid data when parsing a DSB file with Digilent DASYLab
There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...
CVE-2025-21477 Improper Input Validation in Modem
Transient DOS while processing CCCH data when NW sends data with invalid length...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that could result in a temporary denial of service when processing a random access response with an invalid PDU length...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed LF instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
CVE-2025-6545
A flaw was found in the npm pbkdf2 library, allowing signature spoofing. When executing in JavaScript engines other than Node.js, or in Node.js when importing pbkdf2/browser, certain algorithms will silently fail and return invalid data. The return values are predictable, which undermines the security...
Oracle Linux 9 : kernel (ELSA-2025-8643)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-8643 advisory. - xsk: fix an integer overflow in xpcreateandassignumem CKI Backport Bot RHEL-87911 CVE-2025-21997 - vlan: enforce underlying device type Guillaume Nau...
CVE-2025-3898
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends an HTTPS request containing an invalid data type to the webserver...
kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
A flaw was discovered in ath12k, the Linux kernel's driver for Qualcomm Atheros Wi-Fi 7. An attacker with the ability to generate real or simulated network traffic could exploit this vulnerability to modify kernel memory, leading to a denial of service, compromised system integrity, or an...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: gso: fix ownership in udpgsosegment (CVE-2025-21926); kernel: vlan: enforce underlying device type (CVE-2025-21920); kernel: xsk: fix an integer overflow in xpcreateandassignumem...
CVE-2023-26285
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418...
CVE-2023-21650
Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length...
CVE-2021-43849
cordova-plugin-fingerprint-aio is a plugin that provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1, the exported activity de.niklasmerz.cordova.biometric.BiometricActivity can cause the app to crash. This vulnerability occurred...
CVE-2020-11197
A possible integer overflow can occur when stream info update is called while the total number of streams detected is zero, when parsing a TS clip with invalid data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CVE-2019-14771
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the...
CVE-2025-37943
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi. In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields ...
DEBIAN-CVE-2025-37943
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi. In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields ...