3051 matches found
CVE-2023-53013 ptdma: pt_core_execute_cmd() should use spinlock
In the Linux kernel, the following vulnerability has been resolved: ptdma: ptcoreexecutecmd should use spinlock The interrupt handler ptcoreirqhandler of the ptdma driver can be called from interrupt context. The code flow in this function can lead down to ptcoreexecutecmd which will attempt to...
DEBIAN-CVE-2025-30348
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...
AZL-58948 CVE-2025-30348 affecting package qt5-qtbase for versions less than 5.12.11-16
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...
UBUNTU-CVE-2025-30348
encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data...
[SECURITY] Fedora 40 Update: php-8.3.19-1.fc40
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] Fedora 41 Update: php-8.3.19-1.fc41
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
sagemaker-python-sdk 安全漏洞
sagemaker-python-sdk is an Amazon Web Services open source library for training and deploying machine learning models on Amazon SageMaker. A security vulnerability exists in sagemaker-python-sdk that stems from an MD5 hash collision in the SageMaker Workflow component that could result in workflo...
pcs security update
0.10.18-2.0.1.el810.4 - Replace HAM-logo.png with a generic one 0.10.18-2.el810.4 - Fixed CVE-2024-52804 by patching bundled Tornado Resolves: RHEL-81924...
The vulnerability of Google Chrome, related to errors in the user interface’s information representation, allows a perpetrator to replace the user interface.
The vulnerability of Google Chrome relates to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of Google Chrome’s user interface allows a perpetrator to replace the user interface.
The vulnerability of Google Chrome’s user interface is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
GHSA-HG9J-64WP-M9PX Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Summary A session hijacking vulnerability exists when an attacker-controlled authoritative subdomain under a parent domain e.g., subdomain.host.com sets cookies scoped to the parent domain .host.com. This allows session token replacement for applications hosted on sibling subdomains e.g.,...
CVE-2025-27794
Summary: CVE-2025-27794 affects Flarum versions prior to 1.8.10, where an attacker-controlled authoritative subdomain can set cookies for the parent domain, potentially enabling session hijacking on sibling subdomains. What is affected: Flarum core (pre-1.8.10) with cookies scoped to a parent dom...
CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
PT-2025-9088 · WordPress · The Site Mailer – Smtp Replacement
Name of the Vulnerable Software and Affected Versions: The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress versions prior to 1.2.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping...
CVE-2025-22495
An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. This could result in an authenticated high privileged user having the ability to execute arbitrary commands. The vulnerability has been resolved in the version 3.0.4. Note -...
DEBIAN-CVE-2022-49699
In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemapgetreadbatch If a read races with an invalidation followed by another read, it is possible for a folio to be replaced with a higher-order folio. If that happens, we'll see a sibling entry...
UBUNTU-CVE-2022-49401
In the Linux kernel, the following vulnerability has been resolved: mm/pageowner: use strscpy instead of strlcpy current-comm is not a string no guarantee for a zero byte in it. strlcpys1, s2, l is calling strlens2, potentially causing out-of-bound access, as reported by syzbot: detected buffer...
CVE-2022-49318
CVE-2022-49318 pertains to the Linux kernel f2fs subsystem. The vulnerability arises when Syzbot-triggered WARN_ONs in f2fs_is_valid_blkaddr (and __is_bitmap_valid) are triggered for DATA_GENERIC_ENHANCE or DATA_GENERIC_ENHANCE_READ when blkaddr is out of the expected range. The issue was resolve...
CVE-2022-49318
In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARNON in f2fsisvalidblkaddr Syzbot triggers two WARNs in f2fsisvalidblkaddr and isbitmapvalid. For example, in f2fsisvalidblkaddr, if type is DATAGENERICENHANCE or DATAGENERICENHANCEREAD, it invokes WARNON if blkadd...
CVE-2022-49267
...