CVE-2025-22047

CVE-2025-22047 affects the Linux kernel in the x86 AMD microcode path. The issue arises when verify_sha256_digest() fails and __apply_microcode_amd() does not propagate the failure properly, effectively returning a value that could be interpreted as success due to an incorrect -1 promotion. The f...

CVE-2025-30697

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Panel Processor. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

Oracle PeopleSoft 安全漏洞

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, supplier relationship management, and other capabilities.PeopleSoft Enterprise PeopleTools is one of the tools and...

OESA-2025-1420 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

OESA-2025-1419 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

OESA-2025-1418 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

PT-2025-20358

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference issue has been identified in the Linux kernel. The scpi cpufreq get rate function does not check if cpufreq cpu get raw returns NULL when the target CPU is not...

CVE-2025-21595

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service DoS. On all Junos OS and Junos OS Evolved...

nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

...

SAMSUNG Semiconductor Mobile Processor 安全漏洞

SAMSUNG Semiconductor Mobile Processor is a semiconductor mobile processor from Samsung South Korea. A security vulnerability exists in SAMSUNG Semiconductor Mobile Processor versions prior to SMR-Apr-2025 Release 1, which stems from improper access control and could result in access to arbitrary...

The vulnerability of AMD64 Microcode in processor microcodes, related to insufficient validation of input data, allows attackers to compromise data integrity.

The vulnerability of AMD64 Microcode in processors relates to the improper handling of certain special address ranges with invalid device table entries. Exploiting this vulnerability can allow an attacker to compromise data integrity...

The vulnerability of AMD64 Microcode in processor microcodes, related to incorrect code generation, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of AMD64 Microcode in processors relates to incorrect code generation management. Exploiting this vulnerability can allow attackers to access confidential data, compromise its integrity, and cause service failures...

PT-2025-15614 · Samsung · Exynos 1080 Firmware +17

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor, Wearable Processor, and Modem Exynos versions 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400 Description: A Heap-based Out-of-Bounds Write...

cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

A flaw was found in the http.cookies module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.9 MFSA 2025-24 bsc1240083 CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firefox 137,...

firefox: thunderbird: Use-after-free triggered by XSLTProcessor

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

Qualcomm Chipsets 资源管理错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A resource management error vulnerability exists in Qualcomm Chipsets that stems from a memory corruption that occurs when processing multiple IOCTL calls from HLOS to DSP...

PCMan FTP Server 安全漏洞

PCMan FTP Server is PCMan open source set of FTP server software. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from an unknown feature in the EPSV command processor. No detailed vulnerability details are provided at this time...

The vulnerability in the software for optimizing and deploying AI-based application solutions from AMD Ryzen AI, related to integer overflow, allows attackers to compromise the integrity and accessibility of protected information.

The vulnerability of software for optimizing and deploying AI-based applications related to AMD Ryzen AI is associated with a numerical overflow condition. Exploiting this vulnerability can allow attackers to compromise the integrity and accessibility of protected information...

SUSE CVE-2025-21965

In the Linux kernel, the following vulnerability has been resolved: schedext: Validate prevcpu in scxbpfselectcpudfl If a BPF scheduler provides an invalid CPU outside the nrcpuids range as prevcpu to scxbpfselectcpudfl it can cause a kernel crash. To prevent this, validate prevcpu in...