28993 matches found
CVE-2025-68742 bpf: Fix invalid prog->stats access when update_effective_progs fails
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog-stats access when updateeffectiveprogs fails Syzkaller triggers an invalid memory access issue following fault injection in updateeffectiveprogs. The issue can be described as follows: cgroupbpfdetach...
CVE-2025-68742
CVE-2025-68742: In the Linux kernel, a fault injection in update_effective_progs can cause a BPF prog to be replaced with a dummy prog, leading to a NULL dereference when a softirq runs and accesses prog->stats. The fix prevents updating stats if stats is NULL, avoiding the invalid memory acce...
CVE-2025-68355
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When exclproghash is 0 and exclproghashsize is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot 1...
UBUNTU-CVE-2025-68355
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix exclusive map memory leak When exclproghash is 0 and exclproghashsize is non-zero, the map also needs to be freed. Otherwise, the map memory will not be reclaimed, just like the memory leak problem reported by syzbot 1...
PT-2025-53008
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where an invalid memory access can occur following fault injection in the update effective progs function. This issue arises when fault injection causes...
PT-2025-53163
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.2.0 4 Description The Linux kernel contained a flaw related to the handling of recursion checks within the Berkeley Packet Filter BPF subsystem. Specifically, the preempt count sub,add functions were called aft...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from accessing invalid prog-stats when updateeffectiveprogs fails, which could result in invalid memory accesses...
CVE-2025-65410
A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service DoS via injecting a crafted input into the filename parameter...
CVE-2023-53954
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to...
[SECURITY] Fedora 42 Update: util-linux-2.40.4-8.fc42
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program...
CVE-2023-53954 ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to...
EUVD-2025-204605
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to...
CVE-2023-53954 ActFax 10.10 Unquoted Path Services Privilege Escalation Vulnerability
ActFax 10.10 contains an unquoted service path vulnerability that allows local attackers to potentially escalate privileges by exploiting the ActiveFaxServiceNT service configuration. Attackers with write permissions to Program Files directories can inject a malicious ActSrvNT.exe executable to...
EUVD-2025-204176
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Otaku otaku allows PHP Local File Inclusion.This issue affects Otaku: from n/a through = 1.8.0...
EUVD-2025-204177
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Integro integro allows PHP Local File Inclusion.This issue affects Integro: from n/a through = 1.8.0...
CVE-2025-53433 WordPress EasyEat theme <= 1.9.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes EasyEat easyeat allows PHP Local File Inclusion.This issue affects EasyEat: from n/a through = 1.9.0...
NI LabVIEW 安全漏洞
NI LabVIEW National Instruments LabVIEW is a graphical program compilation platform from National Instruments NI. A security vulnerability exists in NI LabVIEW National Instruments LabVIEW version 2025 Q3 and earlier versions, which originates from a post-release reuse when parsing a corrupted VI...
PT-2025-52158
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in 8theme XStore xstore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.6.1...
[SECURITY] Fedora 43 Update: util-linux-2.41.3-7.fc43
The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program...
CVE-2023-53886
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service...