In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation …

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

An XSS issue was discovered in the Bootstrap 5 Lite theme before 1.x-1.0.3 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_midi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set inc…

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field…

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

An XSS issue was discovered in the Bootstrap Lite theme before 1.x-1.4.5 for Backdrop CMS. It doesn't sufficiently sanitize certain class names.

An XSS issue was discovered in the Link iframe formatter module before 1.x-1.1.1 for Backdrop CMS. It doesn't sufficiently sanitize input before displaying results to the screen. This vulnerability is mitigated by the fact that an attacker must have the ability to create content containing an iFram…

ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.

operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible.