68528 matches found
CVE-2025-66877
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8...
CVE-2025-66865
An issue was discovered in function dprintcompinner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
CVE-2025-66864
An issue was discovered in function dprintcompinner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
CVE-2025-66869
Buffer overflow vulnerability in function strcat in asaninterceptors.cpp in libming 0.4.8...
CVE-2025-66863
An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
CVE-2025-66862
A buffer overflow vulnerability in function gnuspecial in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
CVE-2025-66861
An issue was discovered in function dunqualifiedname in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file...
CVE-2025-66866
An issue was discovered in function dabitags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...
CVE-2025-60458
UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free on the same memory address, potentially causing a Denial of Service...
CVE-2025-68973
In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions...
CVE-2025-68972
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...
CVE-2025-14177
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...
CVE-2025-14180
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
CVE-2025-14178
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, a heap buffer overflow occurs in arraymerge when the total element count of packed arrays exceeds 32-bit limits or HTMAXSIZE, due to an integer overflow in the precomputation of...
CVE-2025-68944
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...
CVE-2025-68945
In Gitea before 1.21.2, an anonymous user can visit a private user's project...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...
CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...
CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases...
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68920
C-Kermit aka ckermit through 10.0 Beta.12 aka 416-beta12 before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system...
CVE-2018-25154
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system...
CVE-2018-25153
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the reported issue does not constitute a security vulnerability and represents a minor, non-exploitable memory leak...
CVE-2025-68750
In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbgmaketpg The variable tpgt in usbgmaketpg is defined as unsigned long and is assigned to tpgt-tporttpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than...
CVE-2023-54076
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix missed ses refcounting Use new cifssmbsesincrefcount helper to get an active reference of @ses and @ses-dfsrootses if set. This will prevent @ses-dfsrootses of being put in the next call to cifsputsmbses and thus...
CVE-2023-54087
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix possible null-ptr-deref in ubifreevolume It willl cause null-ptr-deref in the following case: uifinit ubiaddvolume cdevadd - if it fails, call killvolumes deviceregister killvolumes - if ubiaddvolume fails call this...
CVE-2022-50755
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid double brelse in udfrename syzbot reported a warning like below 1: VFS: brelse: Trying to free free buffer WARNING: CPU: 2 PID: 7301 at fs/buffer.c:1145 brelse+0x67/0xa0 ... Call Trace: invalidatebhlru+0x99/0x150...
CVE-2023-54102
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Prevent lpfcdebugfslockstatwrite buffer overflow A static code analysis tool flagged the possibility of buffer overflow when using copyfromuser for a debugfs entry. Currently, it is possible that copyfromuser copies...
CVE-2023-54157
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF of alloc-vma in race with munmap cmllamas: clean forward port from commit 015ac18be7de "binder: fix UAF of alloc-vma in race with munmap" in 5.10 stable. It is needed in mainline after the revert of commit...
CVE-2023-54142
In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in gtpencapdestroy. syzkaller reported use-after-free in gtpencapdestroy. 0 It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 "gtp: fix suspicious RCU usage" added locksock a...
CVE-2022-50779
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs module, then debughelpstring will be leaked: unreferenced object 0xffff8881652ba000 size 4096: comm "insmod", pid 1701, jiffies...
CVE-2023-54107
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: dropping parent refcount after pdfreefn is done Some cgroup policies will access parent pd through child pd even after pdofflinefn is done. If pdfreefn for parent is called before child, then UAF can be triggered. Hen...
CVE-2025-68735
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUPCREATE ioctl function, which arose as pointer to the group is accessed in that ioctl function after...
CVE-2022-50772
In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix memory leak in nsimbusdevnew If deviceregister failed in nsimbusdevnew, the value of reference in nsimbusdev-dev is 1. obj-name in nsimbusdev-dev will not be released. unreferenced object 0xffff88810352c480 size 16...
CVE-2023-54108
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error device address=0x00000002a3ff38d8...
CVE-2022-50736
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix immediate work request flush to completion queue Correctly set send queue element opcode during immediate work request flushing in post sendqueue operation, if the QP is in ERROR state. An undefined ocode value...
CVE-2023-54057
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...
CVE-2023-54144
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kernel warning during topology setup This patch fixes the following kernel warning seen during driver load by correctly initializing the p2plink attr before creating the sysfs file: +0.002865 ------------ cut here...
CVE-2023-54084
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-digi00x: prevent potential use after free This code was supposed to return an error code if initstream failed, but it instead freed dg00x-rxstream and returned success. This potentially leads to a use after free...
CVE-2023-54141
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Add missing hwops-getringselector for IPQ5018 During sending data after clients connected, hwops-getringselector will be called. But for IPQ5018, this member isn't set, and the following NULL pointer exception will ...
CVE-2023-54089
In the Linux kernel, the following vulnerability has been resolved: virtiopmem: add the missing REQOPWRITE for flush bio When doing mkfs.xfs on a pmem device, the following warning was ------------ cut here ------------ WARNING: CPU: 2 PID: 384 at block/blk-core.c:751 submitbionoacct Modules link...
CVE-2022-50782
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in estreesearch caused by bad quota inode We got a issue as fllows: ================================================================== kernel BUG at fs/ext4/extentsstatus.c:202! invalid opcode: 0000 1 PREEMPT SMP...
CVE-2022-50742
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible refcount leak in afuioctl eventfdctxput need to be called to put the refcount that gotten by eventfdctxfdget when ocxlirqsethandler fails...
CVE-2022-50753
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on summary info As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 BUG: KASAN: use-after-free in recoverdata+0x63ae/0x6ae0 f2fs Read of size 4 at addr...
CVE-2023-54043
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas-hwptlist twice The hwpt is added to the hwptlist only during its creation, it is never added again. This hunk is some missed leftover from rework. Adding it twice will corrupt the...
CVE-2022-50780
In the Linux kernel, the following vulnerability has been resolved: net: fix UAF issue in nfqnlnfhookdrop when opsinit failed When the opsinit interface is invoked to initialize the net, but ops-init fails, data is released. However, the ptr pointer in net-gen is invalid. In this case, when...
CVE-2022-50778
In the Linux kernel, the following vulnerability has been resolved: fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's CTS android.hardware.input.cts.tests...