CVE-2025-52574

SysmonElixir (Elixir) contains a path-traversal vulnerability in the /read endpoint. Prior to version 1.0.1, this endpoint could read arbitrary files from the server filesystem (including /etc/passwd). In version 1.0.1, a whitelist was added to restrict reads to files under priv/data, and the iss...

CVE-2024-35221

Rubygems.org is the Ruby community's gem hosting service. A Gem publisher can cause a Remote DoS when publishing a Gem. This is due to how Ruby reads the Manifest of Gem files when using Gem::Specification.fromyaml. fromyaml makes use of SafeYAML.load which allows YAML aliases inside the YAML-bas...

CVE-2024-31465

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type XWiki.SearchSuggestSourceClass to their user profile or any other page...

CVE-2024-47050

Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable...

CVE-2021-37682

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

CVE-2021-37642

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

CVE-2021-37669

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

CVE-2025-37813

CVE-2025-37813 concerns the Linux kernel USB xHCI Etron workaround. The vulnerability arises in the enqueue path during the Etron workaround where code can dereference a pointer after enqueuing to the final link TRB, and then access pointer + 1, which can crash the kernel or cause a NOOP in the l...

CVE-2023-53110 net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix NULL sndbufdesc in smccdctxhandler When performing a stress test on SMC-R by rmmod mlx5ib driver during the wrk/nginx test, we found that there is a probability of triggering a panic while terminating all link groups...

CVE-2022-49762 ntfs: check overflow when iterating ATTR_RECORDs

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTRRECORDs Kernel iterates over ATTRRECORDs in mft record in ntfsattrfind. Because the ATTRRECORDs are next to each other, kernel can get the next ATTRRECORD from end address of current...

CVE-2025-32958

Adept (prior to commit a1a41b7) exposed the GITHUB_TOKEN via the mac-standalone artifact created by remoteBuild.yml using actions/upload-artifact@v4. The artifact was a zip of the current directory that included the generated .git/config containing the run’s token, enabling an attacker to extract...

PT-2025-22269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue involved the use of invalid USB device pointers after a Type-C partner disconnects. To address this, a patch was applied ...

CVE-2024-10650

An unauthenticated Denial of Service DoS vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups...

AZL-57971 CVE-2025-21782 affecting package kernel for versions less than 6.6.79.1-1

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefsdebugwrite I got a syzbot report: slab-out-of-bounds Read in orangefsdebugwrite... several people suggested fixes, I tested Al Viro's suggestion and made this patch...

CVE-2022-49288 ALSA: pcm: Fix races among concurrent prealloc proc writes

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the...

CVE-2025-1373

A vulnerability was found in FFmpeg up to 7.1. It has been rated as problematic. Affected by this issue is the function movreadtrak of the file libavformat/mov.c of the component MOV Parser. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: udf: The use of uninit-value in udfgetfileshortad has been fixed. A check for overflow was added when calculating alen in udfcurrentaext, to mitigate potential issues with uninit-value usage in udfgetfileshortad. This is related ...

CVE-2021-37635

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

CVE-2022-46157

Akeneo PIM is an open source Product Information Management PIM. Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Akeneo PIM Community Edition after the versions...

CLSA-2024-1730919636 Fix CVE(s): CVE-2024-32021

SECURITY UPDATE: Race condition when hardlinking file from the source repository into the destination file in the target repository. - debian/patches/CVE-2024-32021.patch: builtin/clone: abort when hardlinked source and target file differ - CVE-2024-32021...