CVE-2025-40294

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...

UBUNTU-CVE-2025-40294

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...

CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to HCIMAXEXTADLENGTH251. The size of the 'value' array in the mgmtadvpatter...

CVE-2025-40294

CVE-2025-40294 concerns the Linux kernel Bluetooth MGMT path (parse_adv_monitor_pattern). The vulnerability stems from an OOB read when copying the patterns array: length is capped at 251 while the corresponding value buffer is only 31 bytes, allowing out-of-bounds access if pattern[i].length exc...

Linux Distros Unpatched Vulnerability : CVE-2025-40294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: Fix OOB access in parseadvmonitorpattern In the parseadvmonitorpattern function, the value of the 'length' variable is currently limited to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified inode pattern loaded from disk, which could lead to data corruption...

PT-2025-49427

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s Bluetooth implementation within the parse adv monitor pattern function. The issue involves a potential out-of-bounds access when copying data into the...

CLSA-2025-1764958229 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix NULL pointer dereference in xmlPatMatch in pattern.c...

Oracle Linux 9 : systemd (ELSA-2025-22660)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22660 advisory. - coredump: use %d in kernel core pattern - CVE-2025-4598 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...

systemd security update

252-55.0.3.7 - serialize: don't allocate 1M on the stack just like that LINUX-16166 - Route logs from container mapped uids to the system journal Orabug: 38135007 - Drop delay when nspawn fails to reset loginuid Orabug: 37793135 - Improve logging for api bus connection and subscribers Orabug:...

qtsvg: Uncontrolled recursion in Qt SVG module

A stack overflow flaw has been discovered in the Qt SVG module. When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...

qtsvg: Uncontrolled recursion in Qt SVG module

A stack overflow flaw has been discovered in the Qt SVG module. When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...

Valibot has a ReDoS vulnerability in `EMOJI_REGEX`

Summary The EMOJIREGEX used in the emoji action is vulnerable to a Regular Expression Denial of Service ReDoS attack. A short, maliciously crafted string e.g., 100 characters can cause the regex engine to consume excessive CPU time minutes, leading to a Denial of Service DoS for the application...

Revive Adserver: Username Validation Bypass

Cricetinae Executive Summary The security patch in commit d239a0845e4f64fbacd25fff2854426734d43aa2 is INSUFFICIENT. Testing confirms that 3 out of 4 exploit vectors still bypass validation. --- Vulnerability Details Affected Component: Username validation in user registration/creation File:...

MGASA-2025-0294 Updated spdlog packages fix security vulnerability

Spdlog patternformatter-inl.h scopedpadder resource consumption. CVE-2025-6140...

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence AI inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang. "These vulnerabilities all traced back to t...

CVE-2025-47221

An arbitrary file write was found in Keyfactor SignServer versions prior to 7.3.2. The properties ARCHIVETODISKFILENAME-PATTERN, ARCHIVETODISKPATHBASE, ARCHIVETODISKPATHPATTERN can be set to any path, even ones that will point to files that already exist. This vulnerability gives a user with admi...

qtsvg: Use-after-free vulnerability in Qt SVG

A use after free flaw has been discovered in the Qt SVG library. The qsvghandler.cpp module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free...

Django: Potential SQL Injection when annotating FilteredRelation on PostgreSQL

A potential SQL injection vulnerability was discovered in Django's annotation of FilteredRelation on PostgreSQL. The vulnerability was caused by an incomplete regular expression filter in the FORBIDDENALIASPATTERN. This allowed user input to be interpreted as raw strings, potentially enabling the...

CVE-2025-52565 container escape due to /dev/console mount and related races

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...