
16 matches found

CVE
added 2025/12/16 1:39 p.m., 9 views

CVE-2025-40358

CVE-2025-40358 involves the Linux kernel on the RISC-V architecture. The issue arises when unwinding the stack of a non-current task, where KASAN incorrectly reports a bug (“BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460”). A related fix exists for x86 (commit 84936118bdf3) and the patc...

AI score: 6.1, EPSS: 0.00029
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-42784

Malicious code in bioql PyPI...

CVSS: 4.9, AI score: 5.1, EPSS: 0.00037
Exploits: 0, References: 1

Tenable Nessus
added 2025/07/28 12:0 a.m., 3 views

Oracle Linux 10 : icu (ELSA-2025-11888)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11888 advisory. - Resolves: rhbz1646703 CVE-2018-18928 - Resolves: rhbz1524820 CVE-2017-17484 - Resolves: rhbz1510932 CVE-2017-14952 - Resolves: rhbz1444101 CVE-2017-7867...

CVSS: 9.8, AI score: 7.3, EPSS: 0.24107
Exploits: 3, References: 2

OSV
added 2025/07/25 3:27 p.m., 4 views

CVE-2025-38457 net/sched: Abort __tc_modify_qdisc if parent class does not exist

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00049
Exploits: 0, References: 13

Debian CVE
added 2025/07/25 2:16 p.m., 4 views

CVE-2025-38430

In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check that the rpc procedure...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00088
Exploits: 0

Debian CVE
added 2025/07/04 1:37 p.m., 5 views

CVE-2025-38223

In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted inode with unaligned file size for example, 33K or 1K: 877.737811 run fstests generic/397 at 2025-01-...

CVSS: 5.5, AI score: 5.3, EPSS: 0.00016
Exploits: 0

RedhatCVE
added 2025/05/20 11:16 p.m., 8 views

CVE-2023-45160

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locke...

CVSS: 8.8, AI score: 6.7, EPSS: 0.0027
Exploits: 0, References: 3

OSV
added 2025/05/20 4:15 p.m., 0 views

UBUNTU-CVE-2025-37935

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix SER panic with 4GB+ RAM If the mtk_poll_rx function detects the MTK_RESETTING flag, it will jump to release_desc and refill the high word of the SDP on the 4GB RFB. Subsequently, mtk_rx_clean will process ...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00065
Exploits: 0, References: 29

RedhatCVE
added 2025/05/04 4:38 p.m., 11 views

CVE-2023-53083

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rq_pages if it's a continuation of last page The splice read calls nfsd_splice_actor to put the pages containing file data into the svc_rqst->rq_pages array. It's possible however to get a splice result that...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00063
Exploits: 0, References: 4

OSV
added 2025/05/02 7:28 p.m., 12 views

GHSA-892P-PQRR-HXQR Information Disclosure via Flags override link

Summary An information disclosure vulnerability affecting Flags SDK has been addressed. It impacted flags ≤3.2.0 and @vercel/flags ≤3.1.1 and in certain circumstances, allowed a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags discovery endpoint...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00295
Exploits: 0, References: 5

Cvelist
added 2025/05/01 2:9 p.m., 11 views

CVE-2022-49769 gfs2: Check sb_bsize_shift after reading superblock

In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checked to avoid the...

EPSS: 0.0004
Exploits: 0, References: 8

CVE
added 2025/03/27 2:57 p.m., 100 views

CVE-2025-21892

CVE-2025-21892 affects the Linux kernel's RDMA mlx5 driver, specifically the UMR QP recovery path. A race during recovery could cause the firmware to skip flushing some CQEs with errors and discard them when transitioning to RESET, potentially losing CQEs and leaving tasks blocked. The referenced...

CVSS: 4.7, AI score: 7, EPSS: 0.00006
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2025/02/27 2:15 a.m., 11 views

CVE-2025-21726

In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below: crypto_request crypto_request crypto_del_a...

CVSS: 7.8, EPSS: 0.00028
Exploits: 0, References: 10

NVD
added 2025/02/26 7:1 a.m., 8 views

CVE-2022-49635

In the Linux kernel, the following vulnerability has been resolved: drm/i915/selftests: fix subtraction overflow bug On some machines hole_end can be small enough to cause subtraction overflow. On the other side addr + 2 * min_alignment can overflow in case of mock tests. This patch should handle bot...

CVSS: 7.8, EPSS: 0.00124
Exploits: 0, References: 2

securityvulns
added 2011/07/13 12:0 a.m., 58 views

ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability

ZDI-11-234: Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-234 July 11, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Trend Micro -- Affected Products: Trend Micro Control Manager -...

AI score: 0.4
Exploits: 0

securityvulns
added 2004/07/26 12:0 a.m., 29 views

[security bulletin] SSRT4773 HP-UX xfs and stmkfont remote unauthorized access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBUX01061 REVISION: 0 TITLE: SSRT4773 rev.0 HP-UX xfs and stmkfont remote unauthorized access NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact. The information in...

AI score: 0.4
Exploits: 0