22 matches found
CVE-2023-52989
In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsystem have had an issue...
CVE-2023-53012
In the Linux kernel, the following vulnerability has been resolved: thermal: core: call putdevice only after deviceregister fails putdevice shouldn't be called before a prior call to deviceregister. thermalcoolingdeviceregister doesn't follow that properly and needs fixing. Also...
CVE-2025-21876
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix suspicious RCU usage Commit "iommu/vt-d: Allocate DMAR fault interrupts locally" moved the call to enabledrhdfaulthandling to a code path that does not hold any lock while traversing the drhd list. Fix it by...
CVE-2025-27609
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a request that, once transmitted to a victim's Icinga Web, allows to embed arbitrary Javascript into it and to act on...
Fedora 41 : dotnet8.0 (2025-adbd75f500)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-adbd75f500 advisory. This is the monthly update for .NET for March 2025. Release Notes: - SDK https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.14/8.0.114.md -...
CVE-2025-29787
zip is a zip library for rust which supports reading and writing of simple ZIP files. In the archive extraction routine of affected versions of the zip crate starting with version 1.3.0 and prior to version 2.3.0, symbolic links earlier in the archive are allowed to be used for later files in the...
CVE-2025-2361
A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has be...
CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
CVE-2025-21861
In the Linux kernel, the following vulnerability has been resolved: mm/migratedevice: don't add folio to be freed to LRU in migratedevicefinalize If migration succeeded, we called foliomigrateflags-memcgroupmigrate to migrate the memcg from the old to the new folio. This will set memcgdata of the...
CVE-2025-21864
In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6tunnelnetexit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the...
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as "critical". There are six vulnerabilities that Microsoft has observed being exploited in the wild. CVE-2025-26633 is a Remoted...
CVE-2025-26627
creationtimestamp| type| source ---|---|--- 2025-03-11 16:39:36+00:00| seen| https://www.thezdi.com/blog/2025/3/11/the-march-2025-security-update-review 2025-03-11 20:08:28+00:00| seen| https://t.me/cvedetector/20115 2025-03-13 17:45:17+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7458...
CVE-2025-1550
The Keras Model.loadmodel function permits arbitrary code execution, even with safemode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
CVE-2025-21837
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-58055
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ftcm: Don't free command immediately Don't prematurely free the command. Wait for the status completion of the sense status. It can be freed then. Otherwise we will double-free the command...
CVE-2025-21786
In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913"workqueue: Reap workers via kthreadstop and remove detachcompletion" adds code to reap the normal workers but mistakenly does not handle the...
CVE-2022-49643
In the Linux kernel, the following vulnerability has been resolved: ima: Fix a potential integer overflow in imaappraisemeasurement When the ima-modsig is enabled, the rc passed to evmverifyxattr may be negative, which may cause the integer overflow problem...
CVE-2022-49564
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linea...
CVE-2022-49704
In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fsvfsgetlink we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier...
CVE-2025-21626
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.p...