68528 matches found
CVE-2025-43343
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43356
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent...
CVE-2025-43342
A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash...
CVE-2025-43272
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash...
CVE-2025-43368
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash...
CVE-2025-45091
Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting XSS attack. An authenticated attacker can exploit this vulnerability by modifying their username to include a malicious XSS payload in notification and activities...
CVE-2023-53227
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50338
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2023-53246
In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIGCIFSDFSUPCALL When compiled with CONFIGCIFSDFSUPCALL disabled, cifsdfsdautomount is NULL. cifs.ko logic for mapping CIFSFATTRDFSREFERRAL attributes to SAUTOMOUNT and corresponding dentry...
CVE-2022-50289
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix memory leak in ocfs2stackglueinit ocfs2tableheader should be free in ocfs2stackglueinit if ocfs2sysfsinit failed, otherwise kmemleak will report memleak. BUG: memory leak unreferenced object 0xffff88810eeb5800 size 128...
CVE-2022-50294
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix memory leak in lbsinitadapter When kfifoalloc failed in lbsinitadapter, cmd buffer is not released. Add free memory to processing error path...
CVE-2023-53241
In the Linux kernel, the following vulnerability has been resolved: nfsd: call oprelease, even when opfunc returns an error For ops with "trivial" replies, nfsd4encodeoperation will shortcut most of the encoding work and skip to just marshalling up the status. One of the things it skips is callin...
CVE-2023-53259
In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...
CVE-2022-50313
In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root cause is that isize field is a signed type, and negative isize is also less than EROFSBLKSIZ. As a consequence, it's handled as fast...
CVE-2022-50284
In the Linux kernel, the following vulnerability has been resolved: ipc: fix memory leak in initmqueuefs When setupmqsysctls failed in initmqueuefs, mqueueinodecachep is not released. In order to fix this issue, the release path is reordered...
CVE-2023-53209
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: Fix possible NULL dereference In a call to mac80211hwsimselecttxlink the sta pointer might be NULL, thus need to check that it is not NULL before accessing it...
CVE-2022-50301
In the Linux kernel, the following vulnerability has been resolved: iommu/omap: Fix buffer overflow in debugfs There are two issues here: 1 The "len" variable needs to be checked before the very first write. Otherwise if omap2iommudumpctx with "bytes" less than 32 it is a buffer overflow. 2 The...
CVE-2022-50281
In the Linux kernel, the following vulnerability has been resolved: MIPS: SGI-IP27: Fix platform-device leak in bridgeplatformcreate In error case in bridgeplatformcreate after calling platformdeviceadd/platformdeviceadddata/ platformdeviceaddresources, release the failed 'pdev' or it will be lea...
CVE-2022-50336
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check to attrloadrunsvcn Some metadata files are handled before MFT. This adds a null pointer check for some corner cases that could lead to NPD while reading these metadata files for a malformed NTFS...
CVE-2023-53207
In the Linux kernel, the following vulnerability has been resolved: ublk: fail to recover device if queue setup is interrupted In ublkctrlendrecovery, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDENDUSERRECOVERY,...
CVE-2022-50290
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2022-50274
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: adopts refcnt to avoid UAF dvbunregisterdevice is known that prone to use-after-free. That is, the cleanup from dvbunregisterdevice releases the dvbdevice even if there are pointers stored in file-privatedata still...
CVE-2022-50315
In the Linux kernel, the following vulnerability has been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN complains about array-index-out-of-bounds: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709 kernel:...
CVE-2022-50299
In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...
CVE-2022-50324
In the Linux kernel, the following vulnerability has been resolved: mtd: maps: pxa2xx-flash: fix memory leak in probe Free 'info' upon remapping error to avoid a memory leak. : Reword the commit log...
CVE-2022-50326
In the Linux kernel, the following vulnerability has been resolved: media: airspy: fix memory leak in airspy probe The commit ca9dc8d06ab6 "media: airspy: respect the DMA coherency rules" moves variable buf from stack to heap, however, it only frees buf in the error handling code, missing...
CVE-2022-50332
In the Linux kernel, the following vulnerability has been resolved: video/aperture: Call sysfbdisable before removing PCI devices Call sysfbdisable from apertureremoveconflictingpcidevices before removing PCI devices. Without, simpledrm can still bind to simple-framebuffer devices after the...
CVE-2023-53257
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...
CVE-2023-53214
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential memory corruption in updateiostatlatency Add iotype sanity check to avoid potential memory corruption. This is to fix the compile error below: fs/f2fs/iostat.c:231 updateiostatlatency error: buffer...
CVE-2022-50316
In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefssysfsinit When insert and remove the orangefs module, there are kobjects memory leaked as below: unreferenced object 0xffff88810f95af00 size 64: comm "insmod", pid 783, jiffies 4294813439 age...
CVE-2022-50300
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when handling missing device in readonechunk Store the error code before freeing the extentmap. Though it's reference counted structure, in that function it's the first and last allocation so...
CVE-2022-50292
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix bridge lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the aggregate device is...
CVE-2022-50277
In the Linux kernel, the following vulnerability has been resolved: ext4: don't allow journal inode to have encrypt flag Mounting a filesystem whose journal inode has the encrypt flag causes a NULL dereference in fscryptlimitioblocks when the 'inlinecrypt' mount option is used. The problem is tha...
CVE-2023-53244
In the Linux kernel, the following vulnerability has been resolved: media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish When the driver calls tw68riscbuffer to prepare the buffer, the function call dmaalloccoherent may fail, resulting in a empty buffer buf-cpu. Later when we free t...
CVE-2022-50330
In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow loading firmware The "codelength" value comes from the firmware file. If your firmware is untrusted realistically there is probably very little you can do to protect yourself. Still we tr...
CVE-2022-50264
In the Linux kernel, the following vulnerability has been resolved: clk: socfpga: Fix memory leak in socfpgagateinit Free @socfpgaclk and @ops on the error path to avoid memory leak issue...
CVE-2023-53231
In the Linux kernel, the following vulnerability has been resolved: erofs: Fix detection of atomic context Current check for atomic context is not sufficient as zerofsdecompressqueueendio can be called under rcu lock from blkmqflushpluglist. See the stacktrace 1 In such case we should hand off th...
CVE-2022-50273
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on destination blkaddr during recovery As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=216456 loop5: detected capacity change from 0 to 131072 F2FS-fs loop5:...
CVE-2023-53219
In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching, netupunidvbdmafini uses deltimer to stop dma-timeout timer. But when timer handler netupunidvbdmatimeout is running, deltimer could not stop...
CVE-2022-50266
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in killkprobe In killkprobe, the check whether disarmkprobeftrace needs to be called always fails. This is because before that we set the KPROBEFLAGGONE flag for kprobe so that...
CVE-2022-50272
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fix null-ptr-deref in az6027i2cxfer Wei Chen reports a kernel bug as blew: general protection fault, probably for non-canonical address KASAN: null-ptr-deref in range 0x0000000000000010-0x0000000000000017...
CVE-2022-50283
In the Linux kernel, the following vulnerability has been resolved: mtd: core: add missing ofnodeget in dynamic partitions code This fixes unbalanced ofnodeput: 1.078910 6 cmdlinepart partitions found on MTD device gpmi-nand 1.085116 Creating 6 MTD partitions on "gpmi-nand": 1.090181...
CVE-2022-50291
In the Linux kernel, the following vulnerability has been resolved: kcm: annotate data-races around kcm-rxpsock kcm-rxpsock can be read locklessly in kcmrfree. Annotate the read and writes accordingly. We do the same for kcm-rxwait in the following patch. syzbot reported: BUG: KCSAN: data-race in...
CVE-2023-53203
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: rely on mt76connac2mactxrateval In order to fix a possible NULL pointer dereference in mt7996macwritetxwi of vif pointer, export mt76connac2mactxrateval utility routine and reuse it in mt7996 driver...
CVE-2023-53232
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...
CVE-2022-50298
In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd: cleanup in probe error path Add proper error path in probe to cleanup resources previously acquired/allocated to fix warnings visible during probe deferral: notifier callback qcomslimngdssrnotify already...
CVE-2023-53206
In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbuscore Fix NULL pointer dereference Pass i2cclient to pmbusisenabled to drop the assumption that a regulator device is passed in. This will fix the issue of a NULL pointer dereference when called from pmbusgetflags...
CVE-2022-50282
In the Linux kernel, the following vulnerability has been resolved: chardev: fix error handling in cdevdeviceadd While doing fault injection test, I got the following report: ------------ cut here ------------ kobject: 'null' 0000000039956980: is not initialized, yet kobjectput is being called...
CVE-2023-53222
In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...
CVE-2022-50302
In the Linux kernel, the following vulnerability has been resolved: lockd: set other missing fields when unlocking files vfslockfile expects the struct filelock to be fully initialised by the caller. Re-exported NFSv3 has been seen to Oops if the flfile field is NULL...