Lucene search

9565 matches found

CVE
added 2025/02/26 2:23 a.m. | 146 views

CVE-2022-49641

CVE-2022-49641 concerns the Linux kernel sysctl path, where data races in proc_douintvec() could occur due to concurrent access. The fix switches internal access to READ_ONCE() and WRITE_ONCE(), reducing load/store tearing in readers/writers. The patch notes indicate proc_douintvec() is currently...

4.7 CVSS | 5.3 AI score | 0.0001 EPSS
Exploits 0 | References 4 | Affected Software 1
Debian CVE
added 2025/02/26 2:23 a.m. | 10 views

CVE-2022-49634

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...

4.7 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0
Cvelist
added 2025/02/26 2:23 a.m. | 10 views

CVE-2022-49634 sysctl: Fix data-races in proc_dou8vec_minmax().

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data-races in proc_dou8vec_minmax(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch...

0.00018 EPSS
Exploits 0 | References 4
CVE
added 2025/02/26 2:23 a.m. | 145 views

CVE-2022-49634

CVE-2022-49634 : In the Linux kernel, there are data-races in sysctl access to proc_dou8vec_minmax() due to concurrent readers/writers. The fix changes proc_dou8vec_minmax() to use internal READ_ONCE() and WRITE_ONCE() to mitigate races on the sysctl side. The patch notes indicate the function it...

4.7 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0 | References 4 | Affected Software 1
CVE
added 2025/02/26 2:23 a.m. | 155 views

CVE-2022-49587

The CVE-2022-49587 entry concerns a data-race in the Linux kernel related to reading sysctl_tcp_notsent_lowat, which could be modified concurrently. The fix is to add READ_ONCE() to the reader, addressing a sysctl data-race in the tcp stack. The vulnerability is rated with CVSS v3.1 metrics indic...

4.7 CVSS | 5.3 AI score | 0.00041 EPSS
Exploits 0 | References 8 | Affected Software 1
OSV
added 2025/02/26 2:23 a.m. | 6 views

CVE-2022-49582 net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix NULL pointer dereference in dsa_port_reset_vlan_filtering The "ds" iterator variable used in dsa_port_reset_vlan_filtering() -> dsa_switch_for_each_port() overwrites the "dp" received as argument, which is later used to call...

5.5 CVSS | 5.1 AI score | 0.00135 EPSS
Exploits 0 | References 5
Cvelist
added 2025/02/26 2:23 a.m. | 10 views

CVE-2022-49573 tcp: Fix a data-race around sysctl_tcp_early_retrans.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

0.00046 EPSS
Exploits 0 | References 6
Debian CVE
added 2025/02/26 2:1 a.m. | 6 views

CVE-2022-49298

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070...

5.5 CVSS | 5.6 AI score | 0.00016 EPSS
Exploits 0
Tenable Nessus
added 2025/02/26 12:0 a.m. | 14 views

Amazon Linux 2 : postgresql (ALAS-2025-2764)

The version of postgresql installed on the remote host is prior to 9.2.24-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2764 advisory. Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive proce...

8.8 CVSS | 8.2 AI score | 0.06356 EPSS
Exploits 1 | References 4
Tenable Nessus
added 2025/02/26 12:0 a.m. | 12 views

Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2025-006 (ALASPHP8.2-2025-006)

The version of php installed on the remote host is prior to 8.2.27-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2025-006 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system,...

9.8 CVSS | 7.4 AI score | 0.01849 EPSS
Exploits 6 | References 18
CNNVD
added 2025/02/26 12:0 a.m. | 2 views

picklescan security vulnerability

picklescan is a security scanning program by the individual developer Matthieu Maitre. A security vulnerability exists in versions of picklescan prior to 0.0.21, which stems from not treating pip as an insecure global variable, which could lead to a malicious model introducing a malicious PyPI...

9.8 CVSS | 8.7 AI score | 0.16248 EPSS
Exploits 2 | References 5
CNNVD
added 2025/02/26 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from data contention in the cipso sysctl variable...

4.7 CVSS | 6.3 AI score | 0.0003 EPSS
Exploits 0 | References 9
CNNVD
added 2025/02/26 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the presence of data contention in sysctl_igmp_qrv...

4.7 CVSS | 6.4 AI score | 0.00008 EPSS
Exploits 0 | References 7
CNNVD
added 2025/02/26 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible data contention in proc_dou8vec_minmax when accessing the sysctl variable, resulting in a...

4.7 CVSS | 5.3 AI score | 0.00018 EPSS
Exploits 0 | References 5
CNNVD
added 2025/02/26 12:0 a.m. | 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from an uninitialized variable in the r871xu_drv_init function in the staging rtl8712 driver...

5.5 CVSS | 5.5 AI score | 0.00016 EPSS
Exploits 0 | References 10
Tenable Nessus
added 2025/02/26 12:0 a.m. | 10 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...

9.8 CVSS | 7.3 AI score | 0.01849 EPSS
Exploits 6 | References 18
vulnersOsv
added 2025/02/25 5:49 p.m. | 3 views

@lume/element (>=0.1.2 <=0.5.6), @lume/variable (>=0.1.1 <=0.6.1) +3 more potentially affected by CVE-2025-27108 via dom-expressions (>=0.19.10 <=0.36.18)

dom-expressions NPM version =0.19.10, =0.1.2, =0.1.1, =0.20.0, =0.29.1 - @xsolid/dom =0.0.0-alpha.0 - webfps =1.4.0 Source cves: CVE-2025-27108 Source advisory: OSV:GHSA-HW62-58PR-7WC5...

7.3 CVSS | 5.8 AI score | 0.00335 EPSS
Exploits 0
IBM Security Bulletins
added 2025/02/25 5:5 p.m. | 20 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management due to Apache Kafka Client (CVE-2024-31141)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to improper privilege management, allowing external parties access to files or directories due to Apache Kafka Client. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to...

6.5 CVSS | 6.5 AI score | 0.00156 EPSS
Exploits 0 | Affected Software 2
OSV
added 2025/02/25 3:0 p.m. | 0 views

UBUNTU-CVE-2025-26594

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...

7.8 CVSS | 7.1 AI score | 0.00029 EPSS
Exploits 0 | References 5
RedHat Linux
added 2025/02/24 12:8 a.m. | 4 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8 CVSS | 7.7 AI score | 0.94251 EPSS
Exploits 41 | References 7