EUVD-2022-55657

In the Linux kernel, the following vulnerability has been resolved: btrfs: call btrfsremovefreespacecachelocked on cache load failure Now that lockdep is staying enabled through our entire CI runs I started seeing the following stack in generic/475 ------------ cut here ------------ WARNING: CPU:...

CVE-2023-53707

CVE-2023-53707 : In the Linux kernel, the drm/amdgpu cs_pass1 path has an unsigned int size that can overflow when size is 0x40000000; after multiplying by sizeof(uint32_t), size may wrap to 0, causing a reference to uninitialized memory later. The vulnerability is resolved in the related kernel ...

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

EUVD-2025-35177

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

CVE-2025-57521

CVE-2025-57521 affects Bambu Studio 2.1.1.52 and earlier. The vulnerability arises at application startup when the program loads a network plug‑in without validating its digital signature or verifying authenticity. A local attacker can place a malicious component in the expected location (e.g., u...

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987551 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvcdecodewriteargs Smatch complains: fs/nfsd/nfsxdr.c:341...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987691)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987691 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different...

CVE-2025-60855

Reolink Video Doorbell WiFi DB566128M5MPW performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. NOTE: this is disputed by the Supplier because the integrity of updates is...

CVE-2025-60855

CVE-2025-60855 affects Reolink Video Doorbell WiFi DB_566128M5MP_W. The vulnerability is due to insufficient validation of firmware update signatures, which could allow loading of malicious firmware and result in arbitrary code execution with root privileges. Some sources note the supplier disput...

CLSA-2025-1760548275 protobuf-c: Fix of CVE-2022-48468

CVE-2022-48468: fix unsigned integer overflow in parserequiredmember...

GHSA-XC79-566C-J4QX Parallax is vulnerable to DoS via malicious p2p message

Impact A vulnerable node can be made to consume very large amounts of memory when handling specially crafted p2p messages sent from an attacker node. In order to carry out the attack, the attacker establishes a peer connections to the victim, and sends a malicious GetBlockHeadersRequest message...

UBUNTU-CVE-2025-61152

python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...

OSV-2025-827 Global-buffer-overflow in void jxl::N_SSE4::WriteToOutputStage::StoreUnsignedRow<unsigned char>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=450328034 Crash type: Global-buffer-overflow READ 16 Crash state: void jxl::NSSE4::WriteToOutputStage::StoreUnsignedRow jxl::NSSE4::WriteToOutputStage::OutputBuffers jxl::NSSE4::WriteToOutputStage::ProcessRow...

UBUNTU-CVE-2025-39962

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket warn: untrusted unsigned subtract. 'ticketlen - 10 4' by prechecking the length of what we're tryi...

CVE-2025-39962

The CVE-2025-39962 entry concerns the Linux kernel RXRPC path. A bug in rxgk_app.c involved an untrusted unsigned subtract (ticket_len - 10 * 4) that could affect token parsing. The fix prechecks token lengths in two places and uses sizeof() for the extracted struct. This CVE is marked as resolve...

CVE-2025-39962 rxrpc: Fix untrusted unsigned subtract

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix untrusted unsigned subtract Fix the following Smatch static checker warning: net/rxrpc/rxgkapp.c:65 rxgkyfsdecodeticket warn: untrusted unsigned subtract. 'ticketlen - 10 4' by prechecking the length of what we're tryi...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unverified unsigned subtraction operation that could result in an integer underflow...