UBUNTU-CVE-2025-37854

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mode1 reset crash issue If HW scheduler hangs and mode1 reset is used to recover GPU, KFD signal user space to abort the processes. After process abort exit, user queues still use the GPU to access system memory...

The vulnerability of software for integrating old and new technologies from IBM EntireX arises from incorrect restrictions on XML references to external objects, allowing attackers to disclose protected information.

The vulnerability of the software for integrating old and new technologies from IBM EntireX is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

Memory leak while accessing <base-url>label/<labelname> (label search) on objects created in io.micrometer.core.instrument.ImmutableTag

h3. Issue Summary Memory leak while accessing label/ label search on objects created in io.micrometer.core.instrument.ImmutableTag This is reproducible on the Data Center: yes h3. Steps to Reproduce Use the following script to search randomly for labels code:java while : do curl...

DEBIAN-CVE-2025-37764

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: fix firmware memory leaks Free the memory used to hold the results of firmware image processing when the module is unloaded. Fix the related issue of the same memory being leaked if processing of the firmware ima...

UBUNTU-CVE-2025-37764

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: fix firmware memory leaks Free the memory used to hold the results of firmware image processing when the module is unloaded. Fix the related issue of the same memory being leaked if processing of the firmware ima...

DEBIAN-CVE-2025-37754

In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da "drm/i915/huc: track delayed HuC load with a fence", is registered with object tracker early on driver pro...

CVE-2025-37765

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix ttmbodelayeddelete oops Fix an oops in ttmbodelayeddelete which results from dererencing a dangling pointer: Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 1...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a competitive condition vulnerability that stems from nftables not releasing stream rule objects in a timely manner, which could lead to a memory leak...

PT-2025-18517 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been resolved in the Linux kernel, specifically in the test gen synth cmd and test empty synth event functions. The issue occurred because these functions only...

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...

The vulnerability of the UnlockBufferingSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions and gain access to write and read arbitrary files.

The vulnerability of the UnlockBufferingSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to bypass security...

The vulnerability of the LockDatabaseSettings method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a hacker to circumvent security restrictions and gain access to write and read arbitrary files.

The vulnerability of the LockDatabaseSettings method in software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...

The vulnerability of the ImportConnectionVariables method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the ImportConnectionVariables method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...

The vulnerability of the GetActiveConnectionVariables method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the GetActiveConnectionVariables method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromis...

"Shifting Access Control Left" Using Asset and Goal Models

Access control needs have broad design implications, but access control specifications may be elicited before, during, or after these needs are captured. Because access control knowledge is distributed, we need to make knowledge asymmetries more transparent, and use expertise already available to...

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

DEBIAN-CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

UBUNTU-CVE-2025-46398

Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via readobjects function...

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

The vulnerability of the CreateProject method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the CreateProject method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a...