4650 matches found
CVE-2025-39857
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smcibissgneedsync BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28:1 Kdump: loaded Tainte...
CVE-2025-39845
CVE-2025-39845 : In the Linux kernel, the patch defines ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page-table synchronization when calling p*d_populate_kernel(). For 5-level paging, synchronization uses pgd_populate_kernel(); for 4-level paging, pgd_populate() is a no-op ...
CVE-2025-39844 mm: move page table sync declarations to linux/pgtable.h
In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent memory: BUG: unable t...
CVE-2025-9891
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...
Sync in 安全漏洞
Sync in is a server synchronization platform from Sync-in open source. A security vulnerability exists in Sync in 1.1.1 and earlier versions, which stems from a directory traversal issue in the FilesManager.saveMultipart and FilesManager.compress functions that could allow an authenticated attack...
CVE-2025-56869
Directory traversal vulnerability in Sync In server thru 1.1.1 allowing authenticated attackers to gain read and write access to the system via FilesManager.saveMultipart function in backend/src/applications/files/services/files-manager.service.ts, and FilesManager.compress function in...
PT-2025-38583
Name of the Vulnerable Software and Affected Versions Sync In versions through 1.1.1 Description A directory traversal issue exists in Sync In server. Authenticated attackers can achieve read and write access to the system through the FilesManager.saveMultipart function located in...
PT-2025-38551
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to page table synchronization during vmemmap initialization. Specifically, the optimized path within vmemmap populate compound pages skips...
CVE-2025-56869
CVE-2025-56869 describes a directory traversal vulnerability in the Sync In server (up to version 1.1.1). The issue affects the files-management code paths: FilesManager.saveMultipart and FilesManager.compress in backend/src/applications/files/services/files-manager.service.ts, enabling authentic...
CVE-2023-53380
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53421 blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkgiostatset after clearing in blkcgresetstats When blkgalloc is called to allocate a blkcggq structure with the associated blkgiostatset's, there are 2 fields within blkgiostatset that requires proper...
CVE-2023-53380
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
DEBIAN-CVE-2023-53380
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
GO-2025-3939 secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller
secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller...
CVE-2025-9891
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...
CVE-2025-9891 User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...