CVE-2023-53703

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Fix for shift-out-of-bounds Shift operation of 'exp' and 'shift' variables exceeds the maximum number of shift values in the u32 range leading to UBSAN shift-out-of-bounds. ... 6.120512 UBSAN: shift-out-of-bounds in...

EUVD-2024-54046

Malicious code in bioql PyPI...

EUVD-2024-53342

Malicious code in bioql PyPI...

CVE-2023-53419

In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcuprinttaskexpstall -exptasks access For kernels built with CONFIGPREEMPTRCU=y, the following scenario can result in a NULL-pointer dereference: CPU1 CPU2 rcupreemptdeferredqsirqrestore rcuprinttaskexpstall if...

CVE-2025-39834

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, Fix memory leak in hwsactiongetsharedstcnic error flow When an invalid stctype is provided, the function allocates memory for sharedstc but jumps to unlockandout without freeing it, causing a memory leak. Fix by...

CVE-2025-37993

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev: initialize spin lock on device probe The spin lock txhandlingspinlock in struct mcanclassdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

CVE-2025-37944

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12kdpmonsrngprocess Currently, ath12kdpmonsrngprocess uses ath12khalsrngsrcgetnextentry to fetch the next entry from the destination ring. This is incorrect because...

CVE-2023-53100 ext4: fix WARNING in ext4_update_inline_data

In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4updateinlinedata Syzbot found the following issue: EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. fscrypt: AES-256-CTS-CBC using implementation...

CVE-2025-38575

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aeadrequestfree to match aeadrequestalloc Use aeadrequestfree instead of kfree to properly free memory allocated by aeadrequestalloc. This ensures sensitive crypto data is zeroed before being freed...

CVE-2025-22010

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup during bt pages loop Driver runs a for-loop when allocating bt pages and mapping them with buffer pages. When a large buffer e.g. MR over 100GB is being allocated, it may require a considerable loop coun...

CVE-2025-31286

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability...

CVE-2025-31286

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability...

CVE-2021-4454

CVE-2021-4454 - Linux kernel CAN/j1939 session deactivation race : The issue, resolved in Linux kernel CAN/j1939 transport, concerns j1939_session_deactivate() which can be invoked with a session ref-count below 2 in some concurrently-executed paths. The description notes that this is not a fatal...

CVE-2024-57908 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-57908 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-27607 Python JSON Logger has a Potential RCE via missing `msgspec-python313-pre` dependency

Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party...

CVE-2022-49177

In the Linux kernel, the following vulnerability has been resolved: hwrng: cavium - fix NULL but dereferenced coccicheck error Fix following coccicheck warning: ./drivers/char/hwrandom/cavium-rng-vf.c:182:17-20: ERROR: pdev is NULL but dereferenced...

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the validlinks bitmap before performing any clean-up operations. However, some functio...

CVE-2024-57895

CVE-2024-57895 affects the Linux kernel component ksmbd, where the code path for setting file times (mtime) would warn when ATTR_CTIME flags were not considered. The connected Azure Linux 3.0 security update notes that ksmbd was attempting to set atime/mtime via notify_change without setting ctim...

CVE-2024-56666

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Dereference null return value In the function pqmuninit there is a call-assignment of "pdd = kfdgetprocessdevicedata" which could be null, and this value was later dereferenced without checking...

CVE-2023-42955

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the...