25 matches found
CVE-2026-43275
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero. Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM...
CVE-2026-43275
In the Linux kernel, a race condition in the UFS core driver can occur during system suspend when Runtime Power Management (RPM) level is zero. The driver previously bypassed flushing the exception-event handling work in this state, risking illegal host-controller access after entering deep power...
Linux kernel security vulnerability
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ufs core driver failing to properly handle exceptions when the RPM level is zero, potentially leadi...
PT-2026-36463
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.0-rc2-next-20260310. Description: An issue exists in the btrfs file system where the kernel fails to validate the root item invariant when reading it from disk. Specifically, if drop_progress.objectid is...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a BUG_ON triggered when merging root nodes when the root entry in btrfs contains a non-zero drop_progress...
Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
Impact: The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController (e.g., embedded WebViews lacking Input Events Level 2 support). The...
GHSA-53P3-C7VP-4MCC Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
Impact: The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController (e.g., embedded WebViews lacking Input Events Level 2 support). The...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the StringPiece.fromJSON function. An attacker can execute arbitrary JavaScript in the context of the victim's browser by tricking a user into dragging and dropping a crafted application/x-trix-document JSON...
EUVD-2024-28988
Malicious code in bioql PyPI...
Tarfile extracts filtered members when errorlevel=0
...
cpython: Tarfile extracts filtered members when errorlevel=0
A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms...
Intel oneAPI Level Zero < 1.5.4 Privilege Escalation
Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2024-31073
Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel oneAPI Level Zero Advisory - Lenovo Support US
No description provided...
PT-2025-21050 · Intel · Intel(R) Oneapi Level Zero
Name of the Vulnerable Software and Affected Versions: Intel(R) oneAPI Level Zero (affected versions not specified). Description: The issue is related to an uncontrolled search path in some Intel(R) oneAPI Level Zero software, which may allow an authenticated user to potentially enable escalation of...
Intel® oneAPI Level Zero Advisory
Summary: A potential security vulnerability in some Intel® oneAPI Level Zero software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-31073 Description: Uncontrolled search path for some Intel®...
Intel oneAPI Level Zero code issue vulnerability
Intel oneAPI Level Zero is an underlying heterogeneous computing interface standard from Intel Corporation USA that provides direct hardware access to Intel GPUs/FPGAs. A code issue vulnerability exists in Intel oneAPI Level Zero that stems from an uncontrolled search path that could lead to loca...