6590 matches found
UBUNTU-CVE-2025-23160
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor SCP the mtkscp structure has to be removed explicitly to avoid a resource leak. Fre...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an AMD errata traversal out of bounds in x86/cpu...
Inefficient Algorithmic Complexity
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the inputprocessorforphi4mm function. An attacker can cause the application to consume excessive resource...
Important: firefox
Issue Overview: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. CVE-2025-3028 A crafted URL containing specific Unico...
DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing
Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...
Lecms 安全漏洞
Lecms is a multi-million large data bearing web content management system developed by Lecms Inc. in PHP language. A security vulnerability exists in Lecms version 3.0.3, which originates from the password change processor component in file/index.php?my-password-ajax-1 is vulnerable to cross-site...
Regular Expression Denial of Service (ReDoS)
Overview transformers is a State-of-the-art Machine Learning for JAX, PyTorch and TensorFlow Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the token2json function in the processingdonut module. An attacker can cause high CPU usage and potential...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
IBM POWER systems FSP 安全漏洞
IBM POWER systems FSP is a power systems flexible services processor from International Business Machines IBM. A security vulnerability exists in IBM POWER systems FSP versions V10.2.1030.0 and V10.3.1050.0, which stems from excessive privileges when executing commands, which could cause a local...
The vulnerability of the software URL processor for Cisco Webex App allows a perpetrator to execute arbitrary commands.
The vulnerability of the software URL processor for Cisco Webex App relates to the ability to download files from untrusted sources. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands when a user accesses a specially crafted link...
CVE-2025-38152
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear tablesz when rprocshutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processorrproc with resource table published to a fixed address by rproc. After Kernel boots up, stop...
CVE-2025-38152
CVE-2025-38152 affects the Linux kernel remoteproc subsystem. The root cause is the rproc_shutdown path not clearing rproc->table_sz, which allows a memcpy of loaded_table from rproc->cached_table to use a NULL rproc->cached_table after stopping, causing a kernel crash. The issue is repo...
CVE-2025-38152 remoteproc: core: Clear table_sz when rproc_shutdown
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear tablesz when rprocshutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processorrproc with resource table published to a fixed address by rproc. After Kernel boots up, stop...
CVE-2025-38152 remoteproc: core: Clear table_sz when rproc_shutdown
In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear tablesz when rprocshutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processorrproc with resource table published to a fixed address by rproc. After Kernel boots up, stop...
CVE-2025-0467
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory...
CVE-2025-22047
CVE-2025-22047 affects the Linux kernel in the x86 AMD microcode path. The issue arises when verify_sha256_digest() fails and __apply_microcode_amd() does not propagate the failure properly, effectively returning a value that could be interpreted as success due to an incorrect -1 promotion. The f...