UBUNTU-CVE-2022-49674

In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-raid allocates an array rs-devsrs-raiddisks for the raid device members. rs-raiddisks is defined by the number of raid metadata and ima...

CVE-2021-47649 udmabuf: validate ubuf->pagecount

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot has reported GPF in sgallocappendtablefrompages. The problem was in ubuf-pages == ZEROPTR. ubuf-pagecount is calculated from arguments passed from user-space. If user creates udmabuf with...

GHSA-99VM-5V2H-H6R6 Directus allows updates to non-allowed fields due to overlapping policies

Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

Directus allows updates to non-allowed fields due to overlapping policies

Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

Malicious code in jquery.validate.additional-methods-br (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38146e8961491ebc882527395be69e281eeb62c0a44bba6abe87a8c037614c59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-1488 Malicious code in jquery.validate.additional-methods-br (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 38146e8961491ebc882527395be69e281eeb62c0a44bba6abe87a8c037614c59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CMSimple has an unspecified vulnerability

CMSimple is a free content management system. An unspecified vulnerability exists in CMSimple, which can be exploited by an attacker to obtain sensitive information via a carefully crafted script that can be used to validate link functionality...

CVE-2025-1094

A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...

Important Photon OS Security Update - PHSA-2025-4.0-0751

Updates of 'perl-Data-Validate-IP' packages of Photon OS have been released...

CVE-2020-15131

In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...

CVE-2020-11072

In SLP Validate npm package slp-validate before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. Th...

CVE-2024-49623

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hasan movahed Duplicate Title Validate duplicate-title-validate allows Blind SQL Injection.This issue affects Duplicate Title Validate: from n/a through = 1.0...

PT-2025-2590 · Google · Android Wificonfigurationutil

Name of the Vulnerable Software and Affected Versions: Android WifiConfigurationUtil affected versions not specified Description: A logic error in the code of WifiConfigurationUtil.java, specifically in the validateSsid function, could lead to a local denial of service due to a possible overflow ...

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

CVE-2024-57546

CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...

kernel security update

5.14.0-503.22.15.OL9 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

BIT-PHP-MIN-2021-21708 UAF due to php_filter_float() failing

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in...

AZL-56121 CVE-2024-47809 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkbresource null dereference This patch fixes a possible null pointer dereference when this function is called from requestlock as lkb-lkbresource is not assigned yet, only after validatelockargs by calling...

CVE-2024-47809 dlm: fix possible lkb_resource null dereference

In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkbresource null dereference This patch fixes a possible null pointer dereference when this function is called from requestlock as lkb-lkbresource is not assigned yet, only after validatelockargs by calling...