CVE-2025-40288

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms and other scenarios with uninitialized VRAM managers triggered a NULL pointer dereference in ttmresourcemanagerusage. The root cause...

CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms and other scenarios with uninitialized VRAM managers triggered a NULL pointer dereference in ttmresourcemanagerusage. The root cause...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unhidden VRAM sysfs attribute of a VRAM-less GPU, which could lead to a system crash...

GHSA-3P78-2X5R-GJPP vulnerabilities

Vulnerabilities for packages: gitlab-operator-fips...

GHSA-6V4W-CQRG-XV3G vulnerabilities

Vulnerabilities for packages: gitlab-operator-fips...

GHSA-475M-QJ5V-HVQ3 vulnerabilities

Vulnerabilities for packages: gitlab-operator-fips...

EUVD-2025-201455

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...

USN-7909-4 linux-gcp, linux-gke, linux-gkeop vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

OSV-2025-970 Heap-buffer-overflow in check_sync_pes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465802762 Crash type: Heap-buffer-overflow READ Crash state: checksyncpes Demux demuxprocessstream...

MGASA-2025-0316 Updated libraw, digikam & darktable packages fix security vulnerabilities

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. CVE-2025-43961 In LibRaw before 0.21.4, phaseonecorrect in decoders/loadmfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult...

expat: Integer overflow in storeAtts in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

CVE-2025-40264

The CVE-2025-40264 issue affects the Linux kernel be2net code path with OS2BMC. be_insert_vlan_in_pkt() could dereference a NULL wrb_params at the be_send_pkt_to_bmc() call site, due to the wrb_params not being passed from be_xmit(); this could lead to a NULL pointer dereference. The fix involves...

PT-2025-49101

Name of the Vulnerable Software and Affected Versions WebKitGTK affected versions not specified Description A flaw exists in WebKitGTK where processing malicious web content can lead to an unexpected process crash due to improper memory handling. Recommendations At the moment, there is no...

CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

EUVD-2025-201013

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

CVE-2025-20789

In GPU pdma, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117741; Issue ID: MSV-4538...

CVE-2025-20788

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539...

ROS-20251203-14

MongoDB database management system vulnerability is related to DDL operation execution during query execution. query execution. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

FreeBSD : wolfssl -- multiple issues (ba02dfb6-ce31-11f0-a327-589cfc01894a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ba02dfb6-ce31-11f0-a327-589cfc01894a advisory. wolfSSL blog reports: This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519,...

FreeBSD : MongoDB -- Improper Validation of Specified Quantity in Input (ea64d2ec-ced4-11f0-a958-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea64d2ec-ced4-11f0-a958-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-108565 reports: Inconsistent object size validation in time seri...