3385 matches found

CVE
added 2025/02/26 1:56 a.m. | 137 views

CVE-2022-49272

CVE-2022-49272 affects the Linux kernel in ALSA: pcm code. The root cause is a potential AB/BA deadlock between PCM runtime→buffer_mutex and mm→mmap_lock triggered by concurrent access via ALSA and OSS during read/write and mmap/path IOCTLs. The fix replaces the buffer_mutex protection in read/wr...

CVSS 5.5 | AI score 5.4 | EPSS 0.00189
Exploits 0 | References 8 | Affected Software 1

Debian CVE
added 2025/02/26 1:55 a.m. | 7 views

CVE-2022-49215

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown. Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xsk_unbind_dev() starts by setting xs->state to XSK_UNBOUND, sets xs->dev to...

CVSS 4.7 | AI score 5.4 | EPSS 0.00165
Exploits 0

Vulnrichment
added 2025/02/26 1:55 a.m. | 15 views

CVE-2022-49196 powerpc/pseries: Fix use after free in remove_phb_dynamic()

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix use after free in remove_phb_dynamic(). In remove_phb_dynamic() we use &phb->io_resource, after we've called device_unregister(&host_bridge->dev). But the unregister may have freed phb, because pcibios_free_controller_deferred() ...

AI score 7.6 | EPSS 0.00252
Exploits 0 | References 4

Wolfi
added 2025/02/25 3:16 p.m. | 50 views

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: helm, ytt, nri-rabbitmq, shfmt, terraform-docs, gke-gcloud-auth-plugin, thanos-operator, oras, flux, dockerize, slsa-verifier, envoy-ratelimit, scorecard, hello-world-golang, kube-state-metrics, kubewatch, newrelic-infrastructure-agent, dagger, litefs, nats, sbomqs,...

AI score 5.8
Exploits 0

Wolfi
added 2025/02/25 3:16 p.m. | 61 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: helm, ytt, nri-rabbitmq, shfmt, terraform-docs, gke-gcloud-auth-plugin, thanos-operator, oras, flux, dockerize, slsa-verifier, envoy-ratelimit, scorecard, hello-world-golang, kube-state-metrics, kubewatch, newrelic-infrastructure-agent, dagger, litefs, nats, sbomqs,...

AI score 5.8
Exploits 0

NVD
added 2025/02/25 3:15 p.m. | 15 views

CVE-2023-25574

jupyterhub-ltiauthenticator is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in jupyterhub-ltiauthenticator 1.3.0 wasn't validating JWT signatures. This is believed to allow the LTI13Authenticator to authorize a forged request. Only use...

CVSS 10 | EPSS 0.00328
Exploits 0 | References 3

CNNVD
added 2025/02/25 12:0 a.m. | 4 views

Combodo iTop Cross-Site Scripting Vulnerability

Combodo iTop is a set of open source web applications developed by Combodo France based on ITIL and used for the daily operation of IT environments. The program provides incident management, configuration management, and problem management. A cross-site scripting vulnerability exists in Combodo...

CVSS 6.8 | AI score 7.4 | EPSS 0.00217
Exploits 0 | References 2

Amazon
added 2025/02/25 12:0 a.m. | 29 views

Medium: python3

Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 There ...

CVSS 7.5 | AI score 7.1 | EPSS 0.02303
Exploits 1

OSV
added 2025/02/24 9:1 a.m. | 7 views

CVE-2023-52926 io_uring/rw: split io_read() into a helper

In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read i/o returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs at separate...

CVSS 7.8 | AI score 6.1 | EPSS 0.00222
Exploits 0 | References 7

Citrix
added 2025/02/24 12:0 a.m. | 48 views

Licensing - We encounter the error "Citrix license server unavailable" in Citrix Studio.

After successfully upgrading the Citrix licensing server to version 11.17.2 build 51000, we encounter the error "Citrix license server unavailable" in Citrix Studio. The error in Licensing Manager "The License Activation Service entitlement could not be retrieved, Check your connection to License...

AI score 7
Exploits 0

Tenable Nessus
added 2025/02/21 12:0 a.m. | 16 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2025-1094)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1094 advisory. - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral,...

CVSS 8.1 | AI score 8.2 | EPSS 0.89472
Exploits 10 | References 2

Amazon
added 2025/02/21 12:0 a.m. | 10 views

Low: gsl

Issue Overview: GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs. CVE-2024-50610 Affected Packages: gsl Issue Correction: Run dnf update gsl --releasever 2023.6.20250218...

CVSS 3.6 | AI score 6.9 | EPSS 0.00282
Exploits 1

OSV
added 2025/02/20 12:15 p.m. | 2 views

CVE-2024-49344

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout...

CVSS 4.3 | AI score 5.8 | EPSS 0.00233
Exploits 0 | References 1

Positive Technologies
added 2025/02/20 12:0 a.m. | 4 views

PT-2025-25816

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the handling of GPU clock frequency changes in the sunxi-ng h616 driver. The H616 manual does not support dynamic...

CVSS 7.8 | AI score 7.9 | EPSS 0.00467
Exploits 0 | References 223

CBLMariner
added 2025/02/19 8:5 p.m. | 9 views

CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.15-4

CVE-2023-45288 affecting package node-problem-detector for versions less than 0.8.15-4. A patched version of the package is available...

CVSS 7.5 | AI score 8 | EPSS 0.91969
Exploits 1

CVE
added 2025/02/12 10:10 p.m. | 340 views

CVE-2022-31631

CVE-2022-31631 affects PHP versions where PDO::quote() on SQLite can misquote long input, enabling potential SQL injection. Affected: PHP 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2. The issue stems from incorrect quoting in the SQLite path, as documented in multiple advisori...

CVSS 9.1 | AI score 8.3 | EPSS 0.02154
Exploits 0 | References 2 | Affected Software 1

Debian CVE
added 2025/02/12 10:10 p.m. | 110 views

CVE-2022-31631

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS 9.1 | AI score 7.6 | EPSS 0.02154
Exploits 0

AlpineLinux
added 2025/02/12 10:10 p.m. | 70 views

CVE-2022-31631

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS 9.1 | AI score 8.6 | EPSS 0.02154
Exploits 0

RedHat Linux
added 2025/02/11 4:42 p.m. | 11 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 9.8 | AI score 6.8 | EPSS 0.01276
Exploits 0 | References 11

ATTACKERKB
added 2025/02/11 12:0 a.m. | 445 views

CVE-2022-3180

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

CVSS 9.8 | AI score 9.6 | EPSS 0.08841
In wild | Exploits 2 | References 3