21761 matches found
drm/gem: Acquire references on GEM handles for framebuffers
...
An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
...
Backticks not treated as string delimiters in html/template
...
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
...
vsock: Fix transport_* TOCTOU
...
vfio/pds: Fix missing detach_ioas op
...
smb: client: fix warning when reconnecting channel
...
drm/amd/display: Check phantom_stream before it is used
...
drm/i915/gt: Cleanup partial engine discovery failures
...
HDF5 H5FL.c H5FL__malloc memory leak
...
CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
...
An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function.
...
PCI: pnv_php: Fix surprise plug detection and recovery
...
Grub2: commands/dump: the dump command is not in lockdown when secure boot is enabled
...
cifs: Fix UAF in cifs_demultiplex_thread()
...
libxml2 xmlcatalog xmlParseSGMLCatalog recursion
...
nilfs2: reject invalid file types when reading inodes
...
HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
...
vmxnet3: unregister xdp rxq info in the reset path
...
tcp: Correct signedness in skb remaining space calculation
...
Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
...
Grub2: grub-core/gettext: integer overflow leads to heap oob write.
...
spi: stm32: Check for cfg availability in stm32_spi_probe
...
sctp: add mutual exclusion in proc_sctp_do_udp_port()
...
vsock/vmci: Clear the vmci transport packet properly when initializing it
...
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
...
Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
...
spi: fsl-qspi: use devm function instead of driver remove
...
hfsplus: remove mutex_lock check in hfsplus_free_extents
...
iommufd: Fix protection fault in iommufd_test_syz_conv_iova
...
btrfs: fix iteration of extrefs during log replay
...
Keras safe_mode bypass allows arbitrary code execution when loading a malicious model.
...
crypto: arm64/neonbs - fix out-of-bounds access on short input
...
Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
...
netfilter: xt_nfacct: don't assume acct name is null-terminated
...
ACPICA: Refuse to evaluate a method if arguments are missing
...
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
...
JasPer JPEG2000 File jpc_dec.c jpc_dec_dump use after free
...
Excessive memory allocation in net/http and net/textproto
...
f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
...
netlink: Fix wraparounds of sk->sk_rmem_alloc.
...
jfs: reject on-disk inodes of an unsupported type
...
btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
...
JasPer JPEG2000 Encoder jpc_enc.c jpc_floorlog2 assertion
...
net/packet: fix a race in packet_set_ring() and packet_notifier()
...
Null pointer deref in X509_issuer_and_serial_hash()
...
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
...
jfs: fix array-index-out-of-bounds in dbAdjTree
...
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
...