1438Articles
7Categories
2026-02-18Date
🚨 CISA KEV 2[−]
18 Feb KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Har…CISA.GOV
18 Feb KEVVulnerability Report - January 2026submitted by cm0002 to cybersecurity 6 points | 0 comments Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup , with contributions from the platform’s community. It highlights the most frequently mentioned vulnerability for Jan…INFOSEC.PUB
🐛 COMMON VULNERABILITIES AND EXPOSURES 1425[−]
18 FebAI Found Twelve New Vulnerabilities in OpenSSLThe title of the post is” What AI Security Research Looks Like When It Works ,” and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced.…SCHNEIER.COM
18 FebChromium: CVE-2026-2319 Race in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
18 FebChromium: CVE-2026-2316 Insufficient policy enforcement in FramesThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
18 FebChromium: CVE-2026-2314 Heap buffer overflow in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
18 FebChromium: CVE-2026-2322 Heap buffer overflow in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.MSRC.MICROSOFT.COM
18 FebCVE-2021-32714 Integer Overflow in Chunked Transfer-EncodingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-2861 Qemu: 9pfs: improper access control on special filesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-5764 Ansible: template injectionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-39326 Denial of service via chunk extensions in net/httpInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21862 drop_monitor: fix incorrect initialization orderInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-30211 KEX init error results with excessive memory usageInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-58055 usb: gadget: f_tcm: Don't free command immediatelyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21848 nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21853 bpf: avoid holding freeze_mutex during mmap operationInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21858 geneve: Fix use-after-free in geneve_find_dev().Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-27423 Improper Input Validation in VimInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-40635 containerd has an integer overflow in User ID handlingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-58058 ubifs: skip dumping tnc tree when zroot is nullInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2021-4160 BN_mod_exp may produce incorrect results on MIPSInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68471 Avahi has a reachable assertion in lookup_startInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71087 iavf: fix off-by-one issues in iavf_config_rss_reg()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68814 io_uring: fix filename leak in __io_openat_prep()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68816 net/mlx5: fw_tracer, Validate format string parametersInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2026-0861 Integer overflow in memalign leads to heap corruptionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68757 drm/vgem-fence: Fix potential deadlock on releaseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68803 NFSD: NFSv4 file creation neglects setting ACLInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68767 hfsplus: Verify inode mode when loading from diskInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68789 hwmon: (ibmpex) fix use-after-free in high/low storeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71089 iommu: disable SVA when CONFIG_X86 is setInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71093 e1000: fix OOB in e1000_tbi_should_accept()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71082 Bluetooth: btusb: revert use of devm_kzalloc in btusbInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68798 perf/x86/amd: Check event before enable to avoid GPFInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68782 scsi: target: Reset t_task_cdb pointer in error caseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68801 mlxsw: spectrum_router: Fix neighbour use-after-freeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71083 drm/ttm: Avoid NULL pointer deref for evicted BOsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71068 svcrdma: bound check rq_pages index in inline pathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71065 f2fs: fix to avoid potential deadlockInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68787 netrom: Fix memory leak in nr_sendmsg()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68769 f2fs: fix return value of f2fs_recover_fsync_data()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table referenceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71072 shmem: fix recovery on rename failuresInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68809 ksmbd: vfs: fix race on m_flags in vfs_cacheInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71077 tpm: Cap the number of PCR banksInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71088 mptcp: fallback earlier on simult connectionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71098 ip6_gre: make ip6gre_header() robustInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71094 net: usb: asix: validate PHY address before useInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-71119 powerpc/kexec: Enable SMT before waking offline CPUsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-2929 DHCP memory leakInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-2928 An option refcount overflow exists in dhcpdInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2021-28210 An unlimited recursion in DxeCore in EDK II.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2021-23840 Integer overflow in CipherUpdateInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2020-28493 Regular Expression Denial of Service (ReDoS)Information published.MSRC.MICROSOFT.COM
18 FebCVE-2022-1292 The c_rehash script allows command injectionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irqInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_movedInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-68334 platform/x86/amd/pmc: Add support for Van Gogh SoCInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-23523 rust-vmm linux-loader vulnerable to Out-of-bounds ReadInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-0215 Use-after-free following BIO_new_NDEFInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-41724 Panic on large handshake records in crypto/tlsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-41722 Path traversal on Windows in path/filepathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-0286 X.400 address type confusion in X.509 GeneralNameInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-41725 Excessive resource consumption in mime/multipartInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-4450 Double free after calling PEM_read_bio_exInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-20260 ClamAV PDF Scanning Buffer Overflow VulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38051 smb: client: Fix use-after-free in cifs_fill_direntInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38075 scsi: target: iscsi: Fix timeout on deleted connectionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38078 ALSA: pcm: Fix race of buffer access at PCM OSS layerInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-4565 Unbounded recursion in Python ProtobufInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-4748 Absolute path traversal in zip:unzip/1,2Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-5318 Libssh: out-of-bounds read in sftp_handle()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-6020 Linux-pam: linux-pam directory traversalInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-6032 Podman: podman missing tls verificationInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38045 wifi: iwlwifi: fix debug actions orderInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38068 crypto: lzo - Fix compression buffer overrunInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38083 net_sched: prio: fix a race in prio_tune()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38085 mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast raceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38087 net/sched: fix use-after-free in taprio_dev_notifierInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-50230 arm64: set UXN on swapper page tablesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-2097 AES OCB fails to encrypt some bytesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-31627 Heap buffer overflow in finfo_bufferInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-53227 scsi: bfa: Fix use-after-free in bfad_im_module_exit()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56551 drm/amdgpu: fix usage slab after freeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56614 xsk: fix OOB map writes when deleting elementsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56615 bpf: fix OOB devmap writes when deleting elementsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56635 net: avoid potential UAF in default_operstate()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-53239 ALSA: 6fire: Release resources at card releaseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56596 jfs: fix array-index-out-of-bounds in jfs_readdirInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56708 EDAC/igen6: Avoid segmentation fault on module unloadInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-53170 block: fix uaf for flush rq while iterating tagsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-53166 block, bfq: fix bfqq uaf in bfq_limit_depth()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56631 scsi: sg: Fix slab-use-after-free read in sg_release()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56627 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_readInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26588 LoongArch: BPF: Prevent out-of-bounds memory accessInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-23807 Apache Xerces C++: Use-after-free on external DTD scanInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26584 net: tls: handle backlogging of crypto requestsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26587 net: netdevsim: don't try to destroy PHC on VFsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-52435 net: prevent mss overflow in skb_segment()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47670 ocfs2: add bounds checking to ocfs2_xattr_find_entry()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47748 vhost_vdpa: assign irq bypass producer token correctlyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49761 REXML ReDoS vulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49860 ACPI: sysfs: validate return type of _STR methodInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49862 powercap: intel_rapl: Fix off by one in get_rpi()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49871 Input: adp5589-keys - fix NULL pointer dereferenceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49875 nfsd: map the EBADMSG to nfserr_io to avoid warningInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49883 ext4: aovid use-after-free in ext4_ext_insert_extent()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49889 ext4: avoid use-after-free in ext4_ext_show_leaf()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49936 net/xen-netback: prevent UAF in xenvif_flush_hash()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49957 ocfs2: fix null-ptr-deref when journal load failed.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49997 net: ethernet: lantiq_etop: fix memory disclosureInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50035 ppp: fix ppp_async_encode() illegal accessInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50039 net/sched: accept TCA_STAB only for root qdiscInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47671 USB: usbtmc: prevent kernel-usb-infoleakInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47692 nfsd: return -EINVAL when namelen is 0Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47710 sock_map: Add a cond_resched() in sock_hash_free()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47742 firmware_loader: Block path traversalInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49881 ext4: update orig_path in ext4_find_extent()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49896 drm/amd/display: Check stream before comparing themInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49900 jfs: Fix uninit-value access of new_ea in ea_bufferInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49903 jfs: Fix uaf in dbFreeBitsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49960 ext4: fix timer use-after-free on failed mountInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49975 uprobes: fix kernel info leak via "[uprobes]" vmaInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49995 tipc: guard against string buffer overrunInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50000 net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50013 exfat: fix memory leak in exfat_load_bitmap()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50019 kthread: unpark only parked kthreadInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50024 net: Fix an unsafe loop on the listInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50036 net: do not delay dst_entries_add() in dst_release()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50038 netfilter: xtables: avoid NFPROTO_UNSPEC where neededInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50040 igb: Do not bring the device up after non-fatal errorInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmitInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-47726 f2fs: fix to wait dio completionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed passwordInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-29038 tpm2 does not detect if quote was not generated by TPMInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-38541 of: module: add buffer overflow check in of_modalias()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-36967 KEYS: trusted: Fix memory leak in tpm2_key_encode()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-38381 nfc: nci: Fix uninit-value in nci_rx_workInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-48716 ASoC: codecs: wcd938x: fix incorrect used of portidInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-2650 Possible DoS translating ASN.1 object identifiersInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-24539 Improper sanitization of CSS values in html/templateInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-31130 Buffer Underwrite in ares_inet_net_pton()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2023-32067 0-byte UDP payload DoS in c-aresInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-4806 Glibc: potential use-after-free in getaddrinfo()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2023-5156 Glibc: dos due to memory leak in getaddrinfo.cInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-4318 Cri-o: /etc/passwd tampering privescInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-41330 Unsafe deserialization in knplabs/knp-snappyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-4785 Denial of Service in gRPC CoreInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44974 mptcp: pm: avoid possible UaF when selecting endpInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44983 netfilter: flowtable: validate vlan headerInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44987 ipv6: prevent UAF in ip6_send_skb()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44989 bonding: fix xfrm real_dev null pointer dereferenceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44998 atm: idt77252: prevent use after free in dequeue_rx()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-45010 mptcp: pm: only mark 'subflow' endp as availableInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-46673 scsi: aacraid: Fix double-free on probe failureInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-46677 gtp: fix a potential NULL pointer dereferenceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-6119 Possible denial of service in X.509 name checksInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-34158 Stack exhaustion in Parse in go/build/constraintInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-46733 btrfs: fix qgroup reserve leaks in cow_file_rangeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gobInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-34155 Stack exhaustion in all Parse functions in go/parserInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-20505 ClamAV Memory Handling DoSInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-20506 ClamAV Privilege Handling Escalation VulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43796 express vulnerable to XSS via response.redirect()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44985 ipv6: prevent possible UAF in ip6_xmit()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44986 ipv6: fix possible UAF in ip6_finish_output2()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44999 gtp: pull network headers in gtp_dev_xmit()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-6232 Regular-expression DoS when parsing TarFile headersInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-8096 OCSP stapling bypass with GnuTLSInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-32324 OpenPrinting CUPS vulnerable to heap buffer overflowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-32731 Information leak in gRPCInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-29402 Code injection via go command with cgo in cmd/goInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-32732 Denial-of-Service in gRPCInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtimeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-21698 Uncontrolled Resource Consumption in promhttpInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-3509 Parsing issue in protobuf textformatInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-3510 Parsing issue in protobuf message-type extensionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21922 ppp: Fix KMSAN uninit-value warning with bpfInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21934 rapidio: fix an API misues when rio_add_net() failsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21999 proc: fix UAF in proc_get_inode()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22010 RDMA/hns: Fix soft lockup during bt pages loopInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22014 soc: qcom: pdr: Fix the potential deadlockInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-32050 Libsoup: integer overflow in append_param_quotedInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-32052 Libsoup: heap buffer overflow in sniff_unknown()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22025 nfsd: put dl_stid if fail to queue dl_recallInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22043 ksmbd: add bounds check for durable handle contextInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22058 udp: Fix memory accounting leak.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22072 spufs: fix gang directory lifetimesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22126 md: fix mddev uaf while iterating all_mddevs listInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22104 ibmvnic: Use kernel helpers for hex dumpsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21917 usb: renesas_usbhs: Flush the notify_hotplug_workInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21920 vlan: enforce underlying device typeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21957 scsi: qla1280: Fix kernel oops when debug level > 2Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21981 ice: fix memory leak in aRFS after resetInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22007 Bluetooth: Fix error code in chan_alloc_skb_cb()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21945 ksmbd: fix use-after-free in smb2_lockInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21979 wifi: cfg80211: cancel wiphy_work before freeing wiphyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22042 ksmbd: add bounds check for create lease contextInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22049 LoongArch: Increase ARCH_DMA_MINALIGN up to 16Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22057 net: decrease cached dst counters in dst_releaseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22060 net: mvpp2: Prevent parser TCAM memory corruptionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22073 spufs: fix a leak on spufs_new_file() failureInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42277 iommu: sprd: Avoid NULL deref in sprd_iommu_hw_enInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43873 vhost/vsock: always initialize seqpacket_allowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43890 tracing: Fix overflow in get_free_elt()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43892 memcg: protect concurrent access to mem_cgroup_idrInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44946 kcm: Serialise kcm_sendmsg() for the same socket.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2023-52913 drm/i915: Fix potential context UAFsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-48893 drm/i915/gt: Cleanup partial engine discovery failuresInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-44938 jfs: Fix shift-out-of-bounds in dbDiscardAGInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-52905 octeontx2-pf: Fix resource leakage in VF driver unbindInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42280 mISDN: Fix a use after free in hfcmulti_tx()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42286 scsi: qla2xxx: validate nvme_local_port correctlyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42287 scsi: qla2xxx: Complete command early within lockInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42288 scsi: qla2xxx: Fix for possible memory corruptionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43861 net: usb: qmi_wwan: fix memory leak for not ip packetsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43863 drm/vmwgfx: Fix a deadlock in dma buf fence pollingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREEDInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43846 lib: objagg: Fix general protection faultInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42252 closures: Change BUG_ON() to WARN_ON()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-43913 nvme: apple: fix device reference countingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-rubyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38100 x86/iopl: Cure TIF_IO_BITMAP inconsistenciesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38108 net_sched: red: fix a race in __red_change()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38127 ice: fix Tx scheduler error handling in XDP callbackInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38167 fs/ntfs3: handle hdr_first_de() return valueInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38193 net_sched: sch_sfq: reject invalid perturb periodInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38212 ipc: fix to protect IPCS lookups using RCUInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38218 f2fs: fix to do sanity check on sit_bitmap_sizeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38226 media: vivid: Change the siize of the composingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38239 scsi: megaraid_sas: Fix invalid node indexInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of serviceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attackInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38206 exfat: fix double free in delayed_freeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38261 riscv: save the SR_SUM status over switchesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday AttackInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42516 Apache HTTP Server: HTTP response splittingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-32988 Gnutls: vulnerability in gnutls othername san exportInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38107 net_sched: ets: fix a race in ets_qdisc_change()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38109 net/mlx5: Fix ECVF vports unload on shutdown flowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38112 net: Fix TOCTOU issue in sk_is_readable()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38119 scsi: core: ufs: Fix a hang in the error handlerInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38123 net: wwan: t7xx: Fix napi rx poll issueInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38138 dmaengine: ti: Add NULL check in udma_probe()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38143 backlight: pm8941: Add NULL check in wled_configure()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38146 net: openvswitch: Fix the dead loop of MPLS parseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38147 calipso: Don't call calipso functions for AF_INET sk.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38158 hisi_acc_vfio_pci: fix XQE dma address errorInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38165 bpf, sockmap: Fix panic when calling skb_linearizeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38180 net: atm: fix /proc/net/atm/lec handlingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38192 net: clear the dst when changing skb protocolInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38197 platform/x86: dell_rbu: Fix list usageInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38208 smb: client: add NULL check in automount_fullpathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38217 hwmon: (ftsteutates) Fix TOCTOU race in fts_read()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38321 smb: Log an error when close_all_cached_dirs failsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory IncreaseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-6965 Integer Truncation on SQLiteInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-24294Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-39480 kdb: Fix buffer overflow during tab-completeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-39908 Denial of service in REXMLInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattrInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-41007 tcp: avoid too many retransmit packetsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-41010 bpf: Fix too early release of tcx_entryInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-41810 HTML injection in HTTP redirect bodyInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42071 ionic: use dev_consume_skb_any outside of napiInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42080 RDMA/restrack: Fix potential invalid address accessInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42082 xdp: Remove WARN() from __xdp_reg_mem_model()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-6345 Remote Code Execution in pypa/setuptoolsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-40979 wifi: ath12k: fix kernel crash during resumeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-1975 SIG(0) can be used to exhaust CPU resourcesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idnaInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-38473 Apache HTTP Server proxy encoding problemInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-39479 drm/i915/hwmon: Get rid of devmInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-39481 media: mc: Fix graph walk in media_pipeline_startInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-39482 bcache: fix variable length array abuse in btree_iterInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-39494 ima: Fix use-after-free on a dentry's dname.nameInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-41009 bpf: Fix overrunning reservations in ringbufInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-41110 Moby authz zero length regressionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-41671 twisted.web has disordered HTTP pipeline responseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42075 bpf: Fix remap of arena.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42078 nfsd: initialise nfsd_info.mutex early.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42079 gfs2: Fix NULL pointer dereference in gfs2_log_flushInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42083 ionic: fix kernel panic due to multi-buffer handlingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42225 wifi: mt76: replace skb_put with skb_put_zeroInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42229 crypto: aeadcipher - zeroize key buffer after useInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-42230 powerpc/pseries: Fix scv instruction crash with kexecInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-6655 Gtk3: gtk2: library injection from cwdInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-6874 macidn punycode buffer overreadInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-40965 i2c: lpi2c: Avoid calling clk_get_rate during transferInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-24531 Output of "go env" does not sanitize values in cmd/goInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/writeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-24537 Infinite loop in parsing in go/scannerInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-0409 Xorg-x11-server: selinux context corruptionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-0727 PKCS12 Decoding crashesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)Information published.MSRC.MICROSOFT.COM
18 FebCVE-2023-4001 Grub2: bypass the grub password protection featureInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-7192 Kernel: refcount leak in ctnetlink_create_conntrack()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-0553 Gnutls: incomplete fix for cve-2023-5981Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-23307 Integer overflow in raid5_cache_count in Linux kernelInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-40546 Shim: out-of-bounds read printing error messagesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-2602 io_uring UAF Unix SCM garbage collectionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-0408 Xorg-x11-server: selinux unlabeled glx pbufferInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21707 mptcp: consolidate suboption statusInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21731 nbd: don't allow reconnect after disconnectInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21736 nilfs2: fix possible int overflows in nilfs_fiemap()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21748 ksmbd: fix integer overflows on 32 bit systemsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21749 net: rose: lock the socket in rose_bind()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21787 team: better TEAM_OPTION_TYPE_STRING validationInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21791 vrf: use RCU protection in l3mdev_l3_out()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21814 ptp: Ensure info->enable callback is always setInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-58005 tpm: Change to kvalloc() in eventlog/acpi.cInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-58020 HID: multitouch: Add NULL check in mt_input_configuredInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-49728 ipv6: Fix signed integer overflow in __ip6_append_dataInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21727 padata: fix UAF in padata_reorderInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57852 firmware: qcom: scm: smc: Handle missing SCM deviceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-49108 clk: mediatek: Fix memory leaks on probeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-49125 drm/sprd: fix potential NULL dereferenceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57977 memcg: fix soft lockup in the OOM processInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21718 net: rose: fix timer races against user threadsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21741 usbnet: ipheth: fix DPE OoB readInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21742 usbnet: ipheth: use static NDP16 location in URBInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21782 orangefs: fix a oob in orangefs_debug_writeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21820 tty: xilinx_uartps: split sysrq handlingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57980 media: uvcvideo: Fix double free in error pathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-58002 media: uvcvideo: Remove dangling pointersInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-49636 vlan: fix memory leak in vlan_newlink()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-54458 scsi: ufs: bsg: Set bsg_queue to NULL after removalInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21715 net: davicom: fix UAF in dm9000_drv_removeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21735 NFC: nci: Add bounds checking in nci_hci_create_pipe()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-58015 wifi: ath12k: Fix for out-of bound access errorInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21751 net/mlx5: HWS, change error flow on matcher disconnectInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-4741 Use After Free with SSL_free_buffersInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-38178 Memory leaks in EdDSA DNSSEC verification codeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2022-38177 Memory leak in ECDSA DNSSEC verification codeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21613 go-git has an Argument Injection via the URL fieldInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21665 filemap: avoid truncating 64-bit offset to 32 bitsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-22150 Undici Uses Insufficiently Random ValuesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-24014 segmentation fault in win_line() in Vim < 9.1.1043Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-56763 tracing: Prevent bad count for tracing_cpumask_writeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57882 mptcp: fix TCP options overflow.Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57940 exfat: fix the infinite loop in exfat_readdir()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57900 ila: serialize calls to nf_register_net_hooks()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21634 cgroup/cpuset: remove kernfs active breakInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-0938 URL parser allowed square brackets in domain namesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21631 block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21683 bpf: Fix bpf_sk_select_reuseport() memory leakInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-13176 Timing side-channel in ECDSA signature computationInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-49569 nvme-rdma: unquiesce admin_q before destroy itInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-57850 jffs2: Prevent rtime decompress memory corruptionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-21672 afs: Fix merge preference rule failure conditionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2021-26291 block repositories using http by defaultInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-2410 Use after free in C++ protobufInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-34062 tqdm CLI arguments injection attackInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-4068 Memory Exhaustion in bracesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2021-47482 net: batman-adv: fix error handlingInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-27407 fs/ntfs3: Fixed overflow check in mi_enum_attr()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-35843 iommu/vt-d: Use device rbtree in iopf reporting pathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-52656 io_uring: drop any code related to SCM_RIGHTSInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26986 drm/amdkfd: Fix memory leak in create_process failureInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-27050 libbpf: Use OPTS_SET() macro in bpf_xdp_query()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-27053 wifi: wilc1000: fix RCU usage in connect pathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-33600 nscd: Null pointer crashes after notfound responseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-35176 REXML contains a denial of service vulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-35801 x86/fpu: Keep xfd_state in sync with MSR_IA32_XFDInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-35848 eeprom: at24: fix memory corruption race conditionInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-36008 ipv4: check for NULL idev in ip_route_use_hint()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-4323 Fluent Bit Memory Corruption VulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-4603 Excessive time spent checking DSA keys and parametersInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-36910 uio_hv_generic: Don't free decrypted memoryInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-37920 Certifi's removal of e-Tugra root certificateInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-3817 Excessive time spent checking DH q parameter valueInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-29406 Insufficient sanitization of Host header in net/httpInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-23145 mptcp: fix NULL pointer in can_accept_new_subflowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-23163 net: vlan: don't propagate flags on openInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37755 net: libwx: handle page_pool_dev_alloc_pages errorInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37773 virtiofs: add filesystem context source name checkInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37808 crypto: null - Use spin lock instead of mutexInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37851 fbdev: omapfb: Add 'plane' value checkInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37875 igc: fix PTM cycle trigger logicInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37909 net: lan743x: Fix memleak issue when GSO enabledInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37956 ksmbd: prevent rename with empty stringInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37983 qibfs: fix _another_ leakInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37992 net_sched: Flush gso_skb list too during ->change()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37997 netfilter: ipset: fix region locking in hash typesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37757 tipc: fix memory leak in tipc_link_xmitInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37766 drm/amd/pm: Prevent division by zeroInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37768 drm/amd/pm: Prevent division by zeroInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37769 drm/amd/pm/smu11: Prevent division by zeroInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37770 drm/amd/pm: Prevent division by zeroInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37771 drm/amd/pm: Prevent division by zeroInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37780 isofs: Prevent the use of too small fidInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37792 Bluetooth: btrtl: Prevent potential NULL dereferenceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37812 usb: cdns3: Fix deadlock when using NCM gadgetInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37817 mcb: fix a double free bug in chameleon_parse_gdd()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37840 mtd: rawnand: brcmnand: fix PM resume warningInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37844 cifs: avoid NULL pointer dereference in dbg callInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37854 drm/amdkfd: Fix mode1 reset crash issueInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37857 scsi: st: Fix array overflow in st_setup()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37867 RDMA/core: Silence oversized kvmalloc() warningInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37874 net: ngbe: fix memory leak in ngbe_probe() error pathInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37883 s390/sclp: Add check for get_zeroed_page()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37886 pds_core: make wait_context part of q_infoInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37911 bnxt_en: Fix out-of-bound memcpy() during ethtool -wInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37933 octeon_ep: Fix host hang issue during device rebootInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37940 ftrace: Add cond_resched() to ftrace_graph_set_hash()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37967 usb: typec: ucsi: displayport: Fix deadlockInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37979 ASoC: qcom: Fix sc7280 lpass potential buffer overflowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37982 wifi: wl1251: fix memory leak in wl1251_tx_workInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-37744 wifi: ath12k: fix memory leak in ath12k_pci_remove()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2024-2398 HTTP/2 push headers memory-leakInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-2466 TLS certificate check bypass with mbedTLSInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-29180 webpack-dev-middleware Path Traversal vulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-0450 Quoted zip-bomb protection for zipfileInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-1753 Buildah: full container escape at build timeInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-2002 Libdwarf: crashes randomly on fuzzed objectInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-2004 Usage of disabled protocolInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-27289 pgx SQL Injection via Line Comment CreationInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-27304 pgx SQL Injection via Protocol Message Size OverflowInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-29041 Express.js Open Redirect in malformed URLsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-29195 Azure C SDK Integer Wraparound VulnerabilityInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-7250 Iperf3: possible denial of serviceInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keysInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()Information published.MSRC.MICROSOFT.COM
18 FebCVE-2023-33953 Denial-of-Service in gRPCInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tlsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26884 bpf: Fix hashtab overflow check on 32-bit archesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-45288 HTTP/2 CONTINUATION flood in net/httpInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2023-6237 Excessive time spent checking invalid RSA public keysInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26811 ksmbd: validate payload size in ipc responseInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-0874 Coredns: cd bit response is cached and served laterInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26883 bpf: Fix stackmap overflow check on 32-bit archesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26885 bpf: Fix DEVMAP_HASH overflow check on 32-bit archesInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26900 md: fix kmemleak of rdev->serialInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-26902 perf: RISCV: Fix panic on pmu overflow handlerInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2024-27437 vfio/pci: Disable auto-enable of exclusive INTx IRQInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-39750 wifi: ath12k: Correct tid cleanup when tid setup failsInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-39743 jfs: truncate good inode pages when hard link is 0Information published.MSRC.MICROSOFT.COM
18 FebCVE-2025-10148 predictable WebSocket maskInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38692 exfat: add cluster chain loop check for dirInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-38735 gve: prevent ethtool ops after shutdownInformation published.MSRC.MICROSOFT.COM
18 FebCVE-2025-39694 s390/sclp: Fix SCCB present checkInformation published.MSRC.MICROSOFT.COM
18 FebZDI-26-107: Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
18 FebZDI-26-106: Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
⚠️ VULNERABILITY DISCLOSURE 3[−]
18 FebA Vulnerability in Dell RecoverPoint for Virtual Machines Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Dell RecoverPoint for Virtual Machines which could allow for arbitrary code execution. Dell RecoverPoint for Virtual Machines is an enterprise-grade solution for VMware Virtual Machines (VMs) enabling local, remote, and concurrent local and …CISECURITY.ORG
18 FebA Vulnerability in Google Chrome Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an…CISECURITY.ORG
18 FebNews alert: CredShields research informs OWASP’s 2026 ‘Smart Contract Security Priorities Project’SINGAPORE, Feb. 17th, 2026, CyberNewswire — The OWASP Smart Contract Security Project has released the OWASP Smart Contract Top 10 2026, a risk prioritization framework developed from structured analysis of real world exploit data observed across blockchain ecosystems in 2025.…LASTWATCHDOG.COM
📢 SECURITY ADVISORIES 2[−]
18 FebCarelessness versus craftsmanship in cryptographyTwo popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects. When we shared one of these bugs with an affected vendor, strongSwan…TRAILOFBITS.COM
18 FebRisky Business #825 -- Palo Alto Networks blames it on the boogieOn this week’s show, Patrick Gray, Adam Boileau and James WIlson discuss the week’s cybersecurity news. They cover: Palo Alto threat researchers want to attribute to China, but management says shush An increasing proportion of ransomware is data extortion. Is this good? Cambodia …RISKY.BIZ
🔥 INCIDENT REPORTING 3[−]
18 FebOpenClaw: Info Stealers Take Your SoulInfo Stealers Target OpenClaw, a Robot Vacuum API Flaw Exposes Thousands, Best Buy Fraud Shows Zero Trust Context, and Canada Goose Data Leaked via Supplier The episode covers multiple security incidents and lessons. Hudson Rock details how an info stealer malware infection can v…CYBERSECURITYTODAY.LIBSYN.COM
18 FebFigure - 967,178 breached accountsIn February 2026, data obtained from the fintech lending platform Figure was publicly posted online . The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed…HAVEIBEENPWNED.COM
18 FebGrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain AttackGrayCharlie turns compromised WordPress sites into malware delivery machines. Discover how this threat actor chains fake browser updates and ClickFix lures to deploy NetSupport RAT, Stealc, and SectopRAT.RECORDEDFUTURE.COM
🕵️ THREAT INTELLIGENCE 1[−]
18 FebWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 6 points | 8 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
📡 INFOSEC NEWS 2[−]
18 FebCitizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police CustodyNew research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil societ…THEHACKERNEWS.COM
18 FebDutch police arrest man for “hacking” after accidentally sending him confidential filesPolice in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking... after police officers accidentally sent him a link granting him access to their own confidential documents Read more in my article on the Hot for Security blog.BITDEFENDER.COM