13 matches found
CVE-2025-38403
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left in the structure...
thunderbird security update
128.11.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 128.11.0 - Add OpenELA debranding 128.11.0-1 - Update to 128.11.0 128.10.1-1 - Update to 128.10.1...
CVE-2024-58086
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed If the active performance monitor v3d->active_perfmon is being destroyed, stop it first. Currently, the active perfmon is not stopped during destruction, leaving the...
firefox security update
128.7.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.7.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 128.7.0-1 - Update to 128.7.0 build1...
thunderbird security update
128.7.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 128.7.0 - Add OpenELA debranding 128.7.0-1 - Update to 128.2.0 build1...
firefox security update
128.6.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.6.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 128.6.0-1 - Update to 128.6.0 build1...
CVE-2024-56677
In the Linux kernel, the following vulnerability has been resolved: powerpc/fadump: Move fadump_cma_init to setup_arch after initmem_init During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during initmem_init e.g. setup_arch -...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-50339
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the session IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
CVE-2024-38370
GLPI is a free asset and IT management software package. Starting in 9.2.0 and prior to 11.0.0, it is possible to download a document from the API without appropriate rights. Upgrade to 10.0.16...
CVE-2024-49916
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw This commit addresses a potential null pointer dereference issue in the dcn401_init_hw function. The issue could occur when dc->clk_mgr or dc->clk_mgr->funcs is...
CVE-2024-46837
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Restrict high priorities on group_create We were allowing any users to create a high priority group without any permission checks. As a result, this was allowing possible denial of service. We now only allow the DRM...
CVE-2024-45021
In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are not guaranteed that anything past the terminating NUL is mapped let alone initialized with anything sane...