CVE-2025-68766 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68766
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68766
CVE-2025-68753 ALSA: firewire-motu: add bounds check in put_user loop for DSP events
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68753
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68753
CVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21839
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21839
CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2953
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-2953
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-58089
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-58089
CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-36426
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-36426
CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-27782
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-27782
CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22576
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22576
CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382
CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436
CVE-2023-53543 vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53543
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-53543
CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656
CVE-2025-68973 In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68973
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-68973
CVE-2026-21620 TFTP Path Traversal
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21620
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21620
CVE-2026-27211 Cloud Hypervisor: Host File Exfiltration via QCOW Backing File Abuse
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27211
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27211
CVE-2026-26960 node-tar has Arbitrary File Read/Write via Hardlink Target Escape Through Symlink Chain in Extraction
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26960
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26960
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2739
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-2739
CVE-2026-27199 Werkzeug safe_join() allows Windows special device names
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27199
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27199
CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20233
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20233
CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20225
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-20225
CVE-2025-11563 wcurl path traversal with percent-encoded slashes
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11563
Information published.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11563