4692 matches found
CLSA-2025-1756409662 xorg-x11-server: Fix of 8 CVEs
CVE-2025-26594: refuse to free the root cursor and keep its ref - CVE-2025-26595: fix buffer overflow in XkbVModMaskText - CVE-2025-26596: xkb: fix computation of XkbSizeKeySyms - CVE-2025-26597: xkb: fix buffer overflow in XkbChangeTypesOfKey - CVE-2025-26598: Xi: Fix barrier device search -...
CLSA-2025-1756408410 xorg-x11-server: Fix of 8 CVEs
CVE-2025-26594: refuse to free the root cursor and keep its ref - CVE-2025-26595: fix buffer overflow in XkbVModMaskText - CVE-2025-26596: xkb: fix computation of XkbSizeKeySyms - CVE-2025-26597: xkb: fix buffer overflow in XkbChangeTypesOfKey - CVE-2025-26598: Xi: Fix barrier device search -...
CVE-2025-50986
diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...
Linux Distros Unpatched Vulnerability : CVE-2020-8227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicat...
PT-2025-37977
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lockdep assertion issue was resolved in the net/mlx5 component of the Linux kernel. The issue occurred during a sync reset unload event when the PF already held the devlink lock while...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by unknown CVE via xcb (>=0.10.1 <=1.2.2)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-655H-HG88-5QMF...
CVE-2025-38593
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...
AZL-66513 CVE-2025-38593 affecting package kernel for versions less than 6.6.117.1-1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...
DEBIAN-CVE-2025-38574
In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...
AZL-66521 CVE-2025-38578 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fssyncinodemeta syzbot reported an UAF issue as below: 1 2 1 https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG:...
CVE-2025-38593 Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...
CVE-2025-49047
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in keeross DigitalOcean Spaces Sync do-spaces-sync allows Stored XSS.This issue affects DigitalOcean Spaces Sync: from n/a through = 2.2.1...
CVE-2025-38538 dmaengine: nbpfaxi: Fix memory corruption in probe()
In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe The nbpf-chan array is allocated earlier in the nbpfprobe function and it has "numchannels" elements. These three loops iterate one element farther than they should and corrupt...
Security Updates for Azure File Sync Agent (August 2025)
The Microsoft Azure File Sync Agent running on the remote host is prior to 18.3, 19.x prior to 19.2, 20.x prior to 20.1, or 21.x prior to 21.1. It is, therefore affected by an elevation of privilege vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...
Malicious code in memoize-sync (npm)
The package memoize-sync was found to contain malicious code...
Malicious code in sync-sampled-reviews-with-raw-reviews (npm)
The package sync-sampled-reviews-with-raw-reviews was found to contain malicious code...
Malicious code in jest-sync-json-reporter (npm)
The package jest-sync-json-reporter was found to contain malicious code...
Malicious code in accretion-puppeteer-pegasus-sync (npm)
The package accretion-puppeteer-pegasus-sync was found to contain malicious code...
Malicious code in bunyan-sync-css-loader-quasarjet (npm)
The package bunyan-sync-css-loader-quasarjet was found to contain malicious code...
Malicious code in hercules-centaurus-oberon-sync (npm)
The package hercules-centaurus-oberon-sync was found to contain malicious code...