Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from AMD PM not checking for null pointers...

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.

...

drm/amd/display: Check null pointers before used

...

drm/amd/display: Check null pointers before multiple uses

...

genirq/irq_sim: Initialize work context pointers properly

...

lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure

...

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

ALPINE-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

DEBIAN-CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

CVE-2025-57052

cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decodearrayindexfrompointer function in cJSONUtils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the decodearrayindexfrompointer function when processing crafted JSON pointer strings. An attacker can cause a denial of service and unexpected behavior by supplying inputs with non-digit character...

GHSA-3632-54Q8-M96X arenavec has multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

arenavec has multiple memory corruption vulnerabilities in safe APIs

The crate has the following vulnerabilities: - The public trait arenavec::common::AllocHandle allows the return of raw pointers through its methods allocate and allocateorextend. However, the trait is not marked as unsafe, meaning users of the crate may implement it under the assumption that the...

Linux Distros Unpatched Vulnerability : CVE-2025-38675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize stateptrs earlier in xfrmstatefind In case of preemption,...

Oxford Instruments Imaris Viewer 缓冲区错误漏洞

Oxford Instruments Imaris Viewer is a software for viewing and analyzing biomedical image data from Oxford Instruments, UK. A buffer error vulnerability exists in Oxford Instruments Imaris Viewer that stems from uninitialized pointers when parsing IMS files, which could lead to remote code...

PT-2025-46610

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s IPv6 implementation within the ip6 xmit function. The issue stems from a use-after-free condition that can occur due to improper handling of device...

Linux Distros Unpatched Vulnerability : CVE-2018-25103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists use-after-free vulnerabilities in lighttpd = 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not...

Linux Distros Unpatched Vulnerability : CVE-2023-39316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple integer overflow vulnerabilities exist in the LXT2 numdictentries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrar...

Linux Distros Unpatched Vulnerability : CVE-2025-37952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: Fix UAF in closefiletableids A use-after-free is possible if one thread destroys the file via ksmbdclosefd while another thread holds a reference to it...