DRUPAL-CONTRIB-2025-081
The CKEditor5 Youtube module enhances content creation in Drupal by seamlessly integrating YouTube video embedding into the CKEditor 5 text editor. The module doesn't sufficiently validate iframe sources under the scenario where a user embeds a video using the CKEditor YouTube integration leading...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like...
The vulnerability of the handle_ksmbd_work() function in the fs/sm module of the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the handle_ksmbd_work() function in the fs/sm module of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protecte...
DRUPAL-CONTRIB-2025-064
This module provides a block to easily display a rendered node. The module doesn't check access to content before displaying it to a visitor, allowing unauthorized users to retrieve a list of labels of all nodes...
Important: Red Hat Security Advisory: kpatch-patch-5_14_0-503_15_1 and kpatch-patch-5_14_0-503_26_1 security update
An update for kpatch-patch-5_14_0-503_15_1 and kpatch-patch-5_14_0-503_26_1 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, and kpatch-patch-5_14_0-427_55_1 security update
An update for kpatch-patch-5_14_0-427_13_1, kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, and kpatch-patch-5_14_0-427_55_1 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that originates from a kernel file system module file read permission bypass, which can be exploited b...
CVE-2022-49430
The CVE-2022-49430 entry affects the Linux kernel in the gpio_keys controller. The issue arises from canceling a delayed work handle when the gpio_keys module unloads and an interrupt pin is used instead of GPIO; the module initializes delayed work only for GPIO-backed paths and not for interrupt...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from anonymous init and exit functions in the virtio_console module that could lead to obfuscation or ambiguity...
[SECURITY] Fedora 40 Update: nginx-mod-vts-0.2.3-3.fc40
Nginx virtual host traffic status module...
firefox: Compartment mismatch when parsing JavaScript JSON module
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...
ROS-20241203-06
A vulnerability in the coretable/dynamic module of the Moodle virtual learning environment is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
hull.js Code Injection Vulnerability
Versions of the library from 0.2.2 to 1.0.9 are vulnerable to arbitrary code execution due to unsafe usage of new Function... in the module that handles points format. Applications passing the 3rd parameter to the hull function without sanitising it may be impacted. The vulnerability has been...
CVE-2024-36610
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...
kernel security update
5.14.0-503.15.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...
CVE-2024-53072
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on R...
CVE-2024-53072
CVE-2024-53072 affects the Linux kernel, specifically the platform/x86/amd/pmc component. The issue arises when STB is requested via amd_pmc enable_stb=1 and S2D_PHYS_ADDR_LOW/HIGH return 0, indicating STB is inaccessible. This causes ioremap warnings in arch/x86/mm/ioremap.c and can lead to kern...
CVE-2024-50173
Technical details about CVE-2024-50173 are not publicly provided in the supplied documents. The advisories reference the issue but do not disclose exact affected products/versions, root cause, impact specifics, or fixes. Monitor for updates.
CVE-2024-51736
Symfony process is a module for the Symfony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...
CVE-2024-49894
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in cm_helper_translate_curve_to_degamma_hw_format function. The issue could occur when the index 'i' exceeds the number of...