65 matches found
CVE-2025-8586
A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ffseekframebinary of the file /libavformat/utils.c of the component MPEG File Parser. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local...
CVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
CVE-2025-38381
In the Linux kernel, the following vulnerability has been resolved: Input: cs40l50-vibra - fix potential NULL dereference in cs40l50uploadowt The cs40l50uploadowt function allocates memory via kmalloc without checking for allocation failure, which could lead to a NULL pointer dereference. Return...
CVE-2025-53020
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue...
CVE-2025-38339
In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline archbpftrampolinesize provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. The total number of instructions emitted for BPF trampoline...
CVE-2022-50097
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memsetio In the function s3fbsetpar, the value of 'screensize' is calculated by the user input. If the user provides the improper value, the value of 'screensize' may larger tha...
CVE-2022-50106
In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axonmsi: Fix refcount leak in setupmsimsgaddress ofgetnextparent returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput in the error path to avoid...
CVE-2022-50047
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6060: prevent crash on an unused port If the port isn't a CPU port nor a user port, 'cpudp' is a null pointer and a crash happened on dereferencing it in mv88e6060setupport: 9.575872 Unable to handle kernel NULL...
CVE-2025-38080
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase blocksequence array size Why It's possible to generate more than 50 steps in hwssbuildfastsequence, for example with a 6-pipe asic where all pipes are in one MPC chain. This overflows the blocksequence...
CVE-2025-38082
In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix potential out-of-bound write If the caller wrote more characters, count is truncated to the max available space in "simplewritetobuffer". Check that the input size does not exceed the buffer size. Write a zero...
CVE-2025-37986
In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a...
CVE-2025-37955
In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xskbuffs on error in virtnetxskpoolenable The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnetxskpoolenable: unreferenced object 0xffff88800a68a00...
CVE-2025-37884
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcutaskstrace and eventmutex. Fix the following deadlock: CPU A freeevent perfkprobedestroy mutexlock&eventmutex perftraceeventunreg synchronizercutaskstrace There are several paths where freeevent grabs...
CVE-2025-43926
An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user preferences with arbitrary keys. When fetching user data via GetUserData, these keys and values are retrieved and given as a whole to other...
CVE-2025-37828
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcdmcqabort A race can occur between the MCQ completion path and the abort handler: once a request completes, blkmqfreerequest sets rq-mqhctx to NULL, meaning the subsequent ufshcdmcqreqtohwq...
CVE-2023-53082
In the Linux kernel, the following vulnerability has been resolved: vpvdpa: fix the crash in hot unplug with vpvdpa While unplugging the vpvdpa device, it triggers a kernel panic The root cause is: vdpamgmtdevunregister will accesses modern devices which will cause a use after free. So need to...
CVE-2022-49917
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ipvsappnetcleanup During the initialization of ipvsappnetinit, if file ipvsapp fails to be created, the initialization is successful by default. Therefore, the ipvsapp file doesn't be found during the remove ...
CVE-2022-49885
In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghesestatuspoolinit Change numghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc to fail. The overflow happens in ghesestatuspoolinit when calculating len duri...
CVE-2025-37758
In the Linux kernel, the following vulnerability has been resolved: ata: patapxa: Fix potential NULL pointer dereference in pxaataprobe devmioremap returns NULL on error. Currently, pxaataprobe does not check for this case, which can result in a NULL pointer dereference. Add NULL check after...
CVE-2025-2866
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid This...