15 matches found

Cvelist
added 2025/12/24 1:5 p.m., 23 views

CVE-2022-50738 vhost-vdpa: fix an iotlb memory leak

In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix an iotlb memory leak. Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") we called vhost_vdpa_iotlb_unmap(v, iotlb, 0ULL, 0ULL - 1) during release to free all the resources allocated when processing use...

0.00198 EPSS
Exploits 0, References 3
OSV
added 2025/12/09 4:9 a.m., 2 views

CVE-2025-40338 ASoC: Intel: avs: Do not share the name pointer between components

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components. By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...

6.4 AI score, 0.00181 EPSS
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-59945

Malicious code in bioql PyPI...

6.3 AI score, 0.00149 EPSS
Exploits 0, References 7
OSV
added 2025/09/16 5:15 p.m., 1 views

UBUNTU-CVE-2023-53316

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Free resources after unregistering them. The DP component's unbind operation walks through the submodules to unregister and clean things up. But if the unbind happens because the DP controller itself is being removed,...

7.8 CVSS, 5.9 AI score, 0.00149 EPSS
Exploits 0, References 9
CVE
added 2025/09/15 2:49 p.m., 14 views

CVE-2022-50329

CVE-2022-50329 affects the Linux kernel’s block/bfq subsystem. The root cause was a use-after-free: bfqq could be freed in bfq_exit_icq_bfqq() and then used in bic_set_bfqq(), leading to UAF. The fix reorders operations by moving bfq_exit_bfqq() behind bic_set_bfqq(), preventing the invalid access.

7.8 CVSS, 6.2 AI score, 0.00154 EPSS
Exploits 0, References 5, Affected Software 1
CVE
added 2025/08/27 2:40 p.m., 32 views

CVE-2025-53105

Technical details beyond what is in the initial document are not publicly available in the provided materials. Monitor for updates on affected versions (10.0.0–10.0.18) and patch 10.0.19.

7.5 CVSS, 6.6 AI score, 0.00332 EPSS
Exploits 0, References 2
Debian CVE
added 2025/08/19 5:3 p.m., 9 views

CVE-2025-38582

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp. rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). list_del corruption, ffff589732eb9b50->ne...

7.8 CVSS, 6.1 AI score, 0.00153 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 12:5 a.m., 13 views

CVE-2022-4386

The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack...

4.3 CVSS, 6.6 AI score, 0.00267 EPSS
Exploits 2, References 1
CNNVD
added 2025/04/02 12:0 a.m., 3 views

Jenkins plugin Simple Queue cross-site request forgery vulnerability

Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application software. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A cross-site reque...

4.3 CVSS, 6.4 AI score, 0.00228 EPSS
Exploits 0, References 3
Microsoft CVE
added 2024/11/09 8:0 a.m., 2 views

icmp: change the order of rate limits

...

5.5 CVSS, 7.1 AI score, 0.00239 EPSS
Exploits 0
Cvelist
added 2024/10/21 11:53 a.m., 17 views

CVE-2024-47678 icmp: change the order of rate limits

In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits. ICMP messages are ratelimited: After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In...

0.00239 EPSS
Exploits 0, References 5
OSV
added 2023/11/28 9:15 p.m., 3 views

CVE-2023-29061

There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication...

5.2 CVSS, 5.8 AI score, 0.00378 EPSS
Exploits 0, References 1
OSV
added 2023/02/07 11:15 p.m., 3 views

CVE-2023-0730

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via...

4.3 CVSS, 5.7 AI score
Exploits 0, References 3
Code423n4
added 2022/04/28 12:0 a.m., 9 views

Potential reentrance in claimRewards

Judge @GalloDaSballo has assessed the 1st item in QA Report 36 as Medium risk. The relevant finding follows: … POC IERC20(tokens[i]).safeTransfer(msg.sender, getting); reward[msg.sender][tokens[i]] = 0; Considering there are exterTokens, it is possible that some token will provide reentry opportunities...

6.9 AI score
Exploits 0
NVD
added 2015/11/08 3:59 a.m., 16 views

CVE-2015-7395

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for...

4 CVSS, 6.1 AI score, 0.00963 EPSS
Exploits 0, References 1