PT-2025-44795

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description The KMIP response parser within MongoDB binaries is susceptible to parsing malformed packets with excessive tolerance, potentially creating invalid objects. Subsequent reads of these objects...

MongoDB -- Improper Check for Unusual or Exceptional Conditions

https://jira.mongodb.org/browse/SERVER-101230 reports: The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...

Updated transfig packages fix security vulnerabilities

fig2dev stack-overflow. CVE-2025-46397 fig2dev stack-overflow via readobjects. CVE-2025-46398 fig2dev segmentation fault vulnerability. CVE-2025-46399 fig2dev segmentation fault in readarcobject. CVE-2025-46400...

MGASA-2025-0253 Updated transfig packages fix security vulnerabilities

fig2dev stack-overflow. CVE-2025-46397 fig2dev stack-overflow via readobjects. CVE-2025-46398 fig2dev segmentation fault vulnerability. CVE-2025-46399 fig2dev segmentation fault in readarcobject. CVE-2025-46400...

SUSE CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

CVE-2025-57109

Kitware VTK Visualization Toolkit 9.5.0 is vulnerable to Heap Use-After-Free in vtkGLTFImporter::ImportActors. When processing GLTF files with invalid scene node references, the application accesses string members of mesh objects that have been previously freed during actor import operations...

EUVD-2025-36992

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

Improper Input Sanitization

github.com/mattermost/mattermost-server is vulnerable to improper input sanitization. The vulnerability is due to insufficient sanitization of user data during shared channel membership synchronization, which allows an attacker from a malicious or compromised remote cluster to access sensitive us...

CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

UBUNTU-CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

CVE-2025-40086 drm/xe: Don't allow evicting of BOs in same VM in array of VM binds

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

CVE-2025-40086 drm/xe: Don't allow evicting of BOs in same VM in array of VM binds

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

CVE-2025-40086

CVE-2025-40086 affects the Linux kernel DRM XE path. An array of VM binds could evict other buffer objects (BOs) within the same VM, potentially causing NULL pointer dereferences in the bind pipeline. The fix clears the allow_res_evict flag in xe_bo_validate (and there was a follow‑up commit that...

CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

[SECURITY] Fedora 42 Update: qt6-qtwebchannel-6.9.3-1.fc42

The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...

[SECURITY] Fedora 42 Update: qt6-qtremoteobjects-6.9.3-1.fc42

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

PT-2025-44376

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel’s DRM/XE subsystem where an array of VM binds could potentially evict other buffer objects BOs within the same VM under specific conditions. This coul...

Linux Distros Unpatched Vulnerability : CVE-2025-40086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from allowing BOs to be evicted in the same VM, potentially leading to null pointer dereferencing...