691 matches found
UBUNTU-CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...
CVE-2025-43964
Summary: CVE-2025-43964 affects LibRaw up to version 0.21.3, where tag 0x412 processing in phase_one_correct (decoders/load_mfbacks.cpp) does not enforce minimum w0 and w1 values, enabling out-of-bounds memory access. The connected advisory confirms the issue and notes a fix in LibRaw 0.21.4. Aff...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...
Libraw security vulnerability
Libraw is a C++ library from Libraw for processing RAW (CRW/CR2, NEF, RAF, DNG, and others) format images, supporting various operating systems. A security vulnerability exists in Libraw versions prior to 0.21.4, which stems from the phase_one_correct function in decoders/load_mfbacks.cpp not enforcing the...
CVE-2025-43964
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values...
SUSE CVE-2025-40014
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by...
CVE-2025-40014
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by...
DEBIAN-CVE-2025-40014
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by...
CVE-2025-40014 objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by...
DEBIAN-CVE-2025-22067
In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() iterates over the entire cdns_mrvl_xspi_clk_div_list array without breaking out early, causing 'i' to go beyond the arr...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to a floating-point exception in the PSStack::roll function. An attacker can cause the application to crash by providing malformed inputs associated with INT_MIN. Remediation: Upgrade poppler to version...
sctp: sysctl: rto_min/max: avoid using current->nsproxy
...
CVE-2025-27339
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through <= 1.2.0...
DEBIAN-CVE-2022-49271
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, the following would return 0x10 buffer = memdup_user(arg +...
UBUNTU-CVE-2022-49596
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2022-49596 tcp: Fix data-races around sysctl_tcp_min_snd_mss.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
CVE-2025-27339
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through <= 1.2.0...
WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Minimum Password Strength versions <= 1.2.0...
CVE-2025-27339
CVE-2025-27339 documents a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Minimum Password Strength, affecting versions up to 1.2.0. The CVSS base metrics reported (CVSS 3.1, vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) indicate a Medium severity (score 4.3) with user inte...
CVE-2025-27339 WordPress Minimum Password Strength Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Will Anderson Minimum Password Strength minimum-password-strength allows Cross Site Request Forgery. This issue affects Minimum Password Strength: from n/a through <= 1.2.0...