CVE-2022-49788 misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

In the Linux kernel, the following vulnerability has been resolved: misc/vmwvmci: fix an infoleak in vmcihostdoreceivedatagram struct vmcieventqp allocated by qpnotifypeer contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...

CVE-2022-49775 tcp: cdg: allow tcp_cdg_release() to be called multiple times

In the Linux kernel, the following vulnerability has been resolved: tcp: cdg: allow tcpcdgrelease to be called multiple times Apparently, mptcp is able to call tcpdisconnect on an already disconnected flow. This is generally fine, unless current congestion control is CDG, because it might trigger...

CVE-2022-49774 KVM: x86/xen: Fix eventfd error handling in kvm_xen_eventfd_assign()

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/xen: Fix eventfd error handling in kvmxeneventfdassign Should not call eventfdctxput in case of error. Introduce new goto target instead. - Paolo...

GHSA-8X27-JWJR-8545 SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pginsertid with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario. Impact PostgreSQL...

CVE-2025-37742

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount function syzbot reports that hexdumptobuffer is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in...

UBUNTU-CVE-2025-23149

In the Linux kernel, the following vulnerability has been resolved: tpm: do not start chip while suspended Checking TPMCHIPFLAGSUSPENDED after the call to tpmfindgetops can lead to a spurious tpmchipstart call: 35985.503771 i2c i2c-1: Transfer while suspended 35985.503796 WARNING: CPU: 0 PID: 74 ...

CVE-2025-37747

In the Linux kernel, the following vulnerability has been resolved: perf: Fix hang while freeing sigtrap event Perf can hang while freeing a sigtrap event if a related deferred signal hadn't managed to be sent before the file got closed: perfeventoverflow taskworkaddperfpendingtask fput...

PT-2025-18477 · D Link · D-Link Dir-816

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version A2V1.1.0B05 Description: The issue is related to a command injection in iptablesWebsFilterRun, allowing remote attackers to execute arbitrary commands via the shell. This enables attackers to potentially gain unauthoriz...

PT-2025-18666 · Totolink · Totolink Ca600-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA600-PoE version 5.3c.6665 B20180820 Description: The issue is related to a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This allows attackers to execute arbitrary commands via a crafte...

PT-2025-18346 · NetGear · Netgear Ex6200

Name of the Vulnerable Software and Affected Versions: Netgear EX6200 version 1.0.3.94 Description: A critical issue has been found in the Netgear EX6200, affecting the function sub 3D0BC. The manipulation of the host argument leads to a buffer overflow. This issue can be exploited remotely. The...

PT-2025-18573 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3-syzkaller-00175-g1118b2049d77 Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the napi schedule prep function, which must be called to ensure ownership of a...

PT-2025-18711 · Alanbinu007 · Spring-Boot-Advanced-Projects

Name of the Vulnerable Software and Affected Versions: AlanBinu007 Spring-Boot-Advanced-Projects versions up to 3.1.3 Description: A critical vulnerability was found in AlanBinu007 Spring-Boot-Advanced-Projects, affecting the function uploadUserProfileImage of the file...

PT-2025-18492 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.0 Description: A double-free vulnerability has been identified in the Linux kernel, specifically in the tcp cdg release function. This issue can be triggered when mptcp calls tcp disconnect on an already...

PT-2025-18493 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the macvlan module. The issue is that macvlan does not enforce a consistent minimal MTU Maximum Transmission Unit of 6...

PT-2025-18505 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel, specifically in the vmci host do receive datagram function. The issue is related to an information leak, where the struct vmci...

PT-2025-18542

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc3+ Description A vulnerability in the Linux kernel has been resolved, specifically in the ata tport add function. The return value of transport add device is not checked, resulting in a null pointer...

PT-2025-18633 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fix of the NULL pointer dereference in rose send frame Description: A NULL pointer dereference issue was found in the Linux kernel, specifically in the rose send frame function. This issue was reported by...

PT-2025-18585 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11 Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the phy: ralink: mt7621-pci driver, where a sentinel was added to the quirks table. With the correction of the...

PT-2025-18541

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc3+ Description A vulnerability in the Linux kernel has been resolved, specifically in the libata-transport module. The issue arises from the lack of error handling in the ata tlink add function, where the...

PT-2025-18605 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.0 Description: The issue is related to the Linux kernel, specifically the arm64 architecture. It involves the function cortex a76 erratum 1463225 debug handler, which is called when handling debug exceptions...