52 matches found
EUVD-2025-12889
Malicious code in bioql PyPI...
CVE-2025-38377
In the Linux kernel, the following vulnerability has been resolved: rose: fix dangling neighbour pointers in rosertdevicedown There are two bugs in rosertdevicedown that can cause use-after-free: 1. The loop bound t-count is modified within the loop, which can cause the loop to terminate early an...
SUSE-SU-2025:02164-1 Security update for gimp
This update for gimp fixes the following issues: - CVE-2025-48797: Fixed two buffer over-reads and one heap-based buffer overflow in its TGA parser bsc1243711. - CVE-2025-48798: Fixed two use-after-free bugs and one double free bug in its XCF parser bsc1243712...
CVE-2022-50005 nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532cmdtimeout When the pn532 uart device is detaching, the pn532uartremove is called. But there are no functions in pn532uartremove that could delete the cmdtimeout timer, which wil...
CVE-2022-50005
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532cmdtimeout When the pn532 uart device is detaching, the pn532uartremove is called. But there are no functions in pn532uartremove that could delete the cmdtimeout timer, which wil...
CVE-2022-49882
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfntopfncache Reject kvmgpccheck and kvmgpcrefresh if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a vali...
PT-2025-18599 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the KVM Kernel-based Virtual Machine component. The issue arises when the gfn to pfn cache is inactive, and KVM fails ...
CVE-2022-49085 drbd: Fix five use after free bugs in get_initial_state
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...
CVE-2022-49085 drbd: Fix five use after free bugs in get_initial_state
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...
AlmaLinux 9 : firefox (ALSA-2025:1066)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1066 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox: thunderbir...
SUSE-SU-2025:0103-1 Security update for the Linux Kernel (Live Patch 54 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-122201 fixes several issues. The following security issues were fixed: - CVE-2022-48686: Fixed UAF when detecting digest errors bsc1226337. - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans bsc1233712. -...
SUSE-SU-2024:4243-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005562 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. - CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. - CVE-2024-43861: Fix...
Fedora 37 : libtar (2022-88772d0a2d)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-88772d0a2d advisory. - fix use-after-free bugs introduced by incorrect memleak fixes CVE-2021-33640 Tenable has extracted the preceding description block directly from t...
CVE-2024-49945
In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic...
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic...
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic...
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic...
SUSE-SU-2024:3697-1 Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP5)
This update for the Linux Kernel 5.14.21-1505005552 fixes several issues. The following security issues were fixed: - CVE-2024-35861: Fixed potential UAF in cifssignalcifsdforreconnect bsc1225312. - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfochangednotify bsc1225739. -...
CVE-2024-35887
In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25dsdeltimer When the ax25 device is detaching, the ax25devdevicedown calls ax25dsdeltimer to cleanup the slavetimer. When the timer handler is running, the ax25dsdeltimer that calls...
CVE-2024-35869 smb: client: guarantee refcounted children from parent session
In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon-ses are also...