CVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53173
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53173
CVE-2023-46847 Squid: denial of service in http digest authentication
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-46847
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-46847
CVE-2023-5824 Squid: dos against http and https
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5824
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5824
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb" makingcurl end up spending enormous amounts of allocated heap memory or trying toand returning out of memory errors.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32206
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32206
CVE-2022-32207 When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally *widen* the permissions for the target file leaving the updated file accessible to more users than intended.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32207
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-32207
CVE-2025-71074 functionfs: fix the open/removal races
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71074
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71074
CVE-2025-71081 ASoC: stm32: sai: fix OF node leak on probe
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71081
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71081
CVE-2025-71064 net: hns3: using the num_tqps in the vf driver to apply for resources
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71064
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71064
CVE-2025-68817 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68817
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68817
CVE-2025-68819 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68819
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68819
CVE-2025-71067 ntfs: set dummy blocksize to read boot_block when mounting
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71067
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71067
CVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71066
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71066
CVE-2025-68808 media: vidtv: initialize local pointers upon transfer of memory ownership
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68808
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68808
CVE-2025-68781 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68781
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68781
CVE-2025-68823 ublk: fix deadlock when reading partition table
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68823
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68823
CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22702
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-22702
CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21860
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21860
CVE-2025-14819 OpenSSL partial chain store policy bypass
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14819
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14819
CVE-2025-15079 libssh global known_hosts override
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15079
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15079
CVE-2025-14524 bearer token leak on cross-protocol redirect
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14524
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14524
CVE-2025-15224 libssh key passphrase bypass without agent set
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15224
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-15224