🚨 CISA KEV 1[−]
21 Feb KEVCISA Adds Two Actively Exploited Roundcube Flaws to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below …THEHACKERNEWS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 270[−]
21 FebCVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).Information published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21846 acct: perform last write from workqueueInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21847 ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2025-29768 Vim vulnerable to potential data loss with zip.vim and special crafted zip filesInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issueInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-58088 bpf: Fix deadlock when freeing cgroup storageInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21856 s390/ism: add release function for struct deviceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21866 powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOCInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21861 mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21864 tcp: drop secpath at the same time as we currently drop dstInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of serviceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-8176 Libexpat: expat: improper restriction of xml entity expansion depth in libexpatInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loopInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-21855 ibmvnic: Don't reference skb after sending to VIOSInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68763 crypto: starfive - Correctly handle return of sg_nents_for_lenInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68758 backlight: led-bl: Add devlink to supplier LEDsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodiumInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68771 ocfs2: fix kernel BUG in ocfs2_find_victim_chainInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68786 ksmbd: skip lock-range check on equal size to avoid size==0 underflowInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71133 RDMA/irdma: avoid invalid read in irdma_net_eventInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71114 via_wdt: fix critical boot hang due to unnamed resource allocationInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71109 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bitsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71143 clk: samsung: exynos-clkout: Assign .num before accessing .hwsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68755 staging: most: remove broken i2c driverInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-13034 No QUIC certificate pinning with GnuTLSInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-15224 libssh key passphrase bypass without agent setInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-14524 bearer token leak on cross-protocol redirectInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-14819 OpenSSL partial chain store policy bypassInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensionsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory CreationInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68823 ublk: fix deadlock when reading partition tableInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68781 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removalInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68808 media: vidtv: initialize local pointers upon transfer of memory ownershipInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_changeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71067 ntfs: set dummy blocksize to read boot_block when mountingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68819 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2025-68817 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrencyInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71064 net: hns3: using the num_tqps in the vf driver to apply for resourcesInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71081 ASoC: stm32: sai: fix OF node leak on probeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71101 platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71122 iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVEDInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2025-71105 f2fs: use global inline_xattr_slab instead of per-sb slab cacheInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2019-14584 Null pointer dereference in Tianocore EDK2Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-27781 libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-27774 An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2025-48637 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-32207 When curl < 7.84.0 saves cookies alt-svc and hsts data to local files it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation it might accidentally *widen* the permissions for the target file leaving the updated file accessible to more users than intended.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2022-32208 When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2023-46847 Squid: denial of service in http digest authenticationInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-56538 drm: zynqmp_kms: Unplug DRM device before removalInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-56598 jfs: array-index-out-of-bounds fix in dtReadFirstInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-11738 Rustls: rustls network-reachable panic in `acceptor::accept`Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-53208 Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_syncInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-53186 ksmbd: fix use-after-free in SMB request handlingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-56595 jfs: add a check to prevent array-index-out-of-bounds in dbAdjTreeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-47814 use-after-free when closing buffers in VimInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49882 ext4: fix double brelse() the buffer of the extents pathInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49954 static_call: Replace pointless WARN_ON() in static_call_module_notify()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49959 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns errorInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49965 ocfs2: remove unreasonable unlock in ocfs2_read_blocksInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49973 r8169: add tally counter fields added with RTL8125Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50003 drm/amd/display: Fix system hang while resume with TBT monitorInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50006 ext4: fix i_data_sem unlock order in ext4_ind_migrate()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50085 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflowInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-8508 Unbounded name compression could lead to Denial of ServiceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collisionInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49974 NFSD: Limit the number of concurrent async COPY operationsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50066 mm/mremap: fix move_normal_pmd/retract_page_tables raceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50073 tty: n_gsm: Fix use-after-free in gsm_cleanup_muxInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50088 btrfs: fix uninitialized pointer free in add_inode_ref()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45720 Apache Subversion: Command line argument injection on Windows platformsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instructionInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-31227 Denial-of-service due to malformed ACL selectors in RedisInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-31228 Denial-of-service due to unbounded pattern matching in RedisInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-31449 Lua library commands may lead to stack overflow and RCE in RedisInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-47191 pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because in the context of PAM code running as root it mishandles usersfile access such as by calling fchown in the presence of a symlink.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReaderInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49946 ppp: do not assume bh is held in ppp_channel_bridge_input()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49950 Bluetooth: L2CAP: Fix uaf in l2cap_connectInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49955 ACPI: battery: Fix possible crash when unregistering a battery hookInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49958 ocfs2: reserve space for inline xattr before attaching reflink treeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-49963 mailbox: bcm2835: Fix timeout during suspend modeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50001 net/mlx5: Fix error path in multi-packet WQE transmitInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50002 static_call: Handle module init failure correctly in static_call_del_module()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50005 mac802154: Fix potential RCU dereference issue in mac802154_scan_workerInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50007 ALSA: asihpi: Fix potential OOB array accessInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50008 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-8925 Erroneous parsing of multipart form dataInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-9026 PHP-FPM logs from children may be alteredInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-9632 Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerabilityInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50010 exec: don't WARN for racy path_noexec checkInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50072 x86/bugs: Use code segment selector for VERW operandInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50084 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-9341 Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go libraryInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-38667 riscv: prevent pt_regs corruption for secondary idle threadsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44965 x86/mm: Fix pti_clone_pgtable() alignment assumptionInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44991 tcp: prevent concurrent execution of tcp_sk_exit_batchInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45001 net: mana: Fix RX buf alloc_size alignment and atomic op panicInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45012 nouveau/firmware: use dma non-coherent allocatorInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45016 netem: fix return value if duplicate enqueue failsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45019 net/mlx5e: Take state lock during tx timeout reporterInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45028 mmc: mmc_test: Fix NULL dereference on allocation failureInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46672 wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletionInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46675 usb: dwc3: core: Prevent USB core invalid event buffer address accessInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46680 Bluetooth: btnxpuart: Fix random crash seen while removing driverInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46686 smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC not WBInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46693 soc: qcom: pmic_glink: Fix race during initializationInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46695 selinuxsmack: don't bypass permissions check in inode_setsecctx hookInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46706 tty: serial: fsl_lpuart: mark last busy before uart_add_one_portInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46707 KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46709 drm/vmwgfx: Fix prime with external buffersInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46720 drm/amdgpu: fix dereference after null checkInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46722 drm/amdgpu: fix mc_data out-of-bounds read warningInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46726 drm/amd/display: Ensure index calculation will not overflowInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46728 drm/amd/display: Check index for aux_rd_interval before usingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46737 nvmet-tcp: fix kernel crash if commands allocation failsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46739 uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescindInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46741 misc: fastrpc: Fix double free of 'buf' in error pathInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46742 smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46746 HID: amd_sfh: free driver_data after destroying hid deviceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46747 HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixupInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46756 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46761 pci/hotplug/pnv_php: Fix hotplug driver crash on PowernvInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46770 ice: Add netif_device_attach/detach into PF reset flowInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46781 nilfs2: fix missing cleanup on rollforward recovery errorInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46784 net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanupInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46791 can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_openInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46796 smb: client: fix double put of @cfile in smb2_set_path_size()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46798 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime objectInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46802 drm/amd/display: added NULL check at start of dc_validate_streamInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46804 drm/amd/display: Add array index check for hdcp ddc accessInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46806 drm/amdgpu: Fix the warning division or modulo by zeroInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46809 drm/amd/display: Check BIOS images before it is usedInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46811 drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_boxInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46818 drm/amd/display: Check gpio_id before used as array indexInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46821 drm/amd/pm: Fix negative array index readInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46832 MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installedInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46836 usb: gadget: aspeed_udc: validate endpoint index for ast udcInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46840 btrfs: clean up our handling of refs == 0 in snapshot deleteInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46853 spi: nxp-fspi: fix the KASAN report out-of-bounds bugInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46855 netfilter: nft_socket: fix sk refcount leaksInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46860 wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_changeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46864 x86/hyperv: fix kexec crash due to VP assist page corruptionInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44963 btrfs: do not BUG_ON() when freeing tree block after errorInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46772 drm/amd/display: Check denominator crb_pipes before usedInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46751 btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-0133 NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44947 fuse: Initialize beyond-EOF page contents before setting uptodateInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44960 usb: gadget: core: Check for unset descriptorInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44966 binfmt_flat: Fix corruption when not offsetting data startInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44969 s390/sclp: Prevent release of buffer in I/OInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45003 vfs: Don't evict inode under the inode lru traversing contextInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched offInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45011 char: xillybus: Check USB endpoints when probing deviceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45018 netfilter: flowtable: initialise extack before useInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45020 bpf: Fix a kernel verifier crash in stacksafe()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45022 mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq safeInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46676 nfc: pn533: Add poll mod list filling checkInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46678 bonding: change ipsec_lock from spin lock to mutexInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46679 ethtool: check device is present when getting link settingsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46685 pinctrl: single: fix potential NULL dereference in pcs_get_function()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46687 btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46692 firmware: qcom: scm: Mark get_wq_ctx() as atomic callInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46694 drm/amd/display: avoid using null object of framebufferInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46702 thunderbolt: Mark XDomain as unplugged when router is removedInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46710 drm/vmwgfx: Prevent unmapping active read buffersInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46711 mptcp: pm: fix ID 0 endp usage after multiple re-creationsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46719 usb: typec: ucsi: Fix null pointer dereference in traceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46721 apparmor: fix possible NULL pointer dereferenceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46723 drm/amdgpu: fix ucode out-of-bounds read warningInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46724 drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_numberInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46725 drm/amdgpu: Fix out-of-bounds write warningInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46731 drm/amd/pm: fix the Out-of-bounds read warningInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46732 drm/amd/display: Assign linear_pitch_alignment even for VMInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46735 ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46738 VMCI: Fix use-after-free when removing resource in vmci_resource_remove()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46740 binder: fix UAF caused by offsets overwriteInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46743 of/irq: Prevent device address out-of-bounds read in interrupt map walkInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46749 Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46755 wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46757 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46758 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46759 hwmon: (adc128d818) Fix underflows seen when writing limit attributesInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46760 wifi: rtw88: usb: schedule rx work after everything is set upInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instanceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46765 ice: protect XDP configuration with a mutexInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46773 drm/amd/display: Check denominator pbn_div before usedInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46782 ila: call nf_unregister_net_hooks() soonerInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46786 fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAFInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46795 ksmbd: unset the binding mark of a reused connectionInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46797 powerpc/qspinlock: Fix deadlock in MCS queueInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46800 sch/netem: fix use after free in netem_dequeueInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46803 drm/amdkfd: Check debug trap enable before write dbg_ev_fileInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46805 drm/amdgpu: fix the waring dereferencing hiveInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46807 drm/amd/amdgpu: Check tbo resource pointerInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46810 drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46814 drm/amd/display: Check msg_id before processing transcationInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46819 drm/amdgpu: the warning dereferencing obj for nbio_v7_4Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46822 arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entryInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46829 rtmutex: Drop rt_mutex::wait_lock before schedulingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46831 net: microchip: vcap: Fix use-after-free error in kunit testInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46838 userfaultfd: don't BUG_ON() if khugepaged yanks our page tableInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46843 scsi: ufs: core: Remove SCSI host only if addedInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46844 um: line: always fill *error_out in setup_one_line()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46845 tracing/timerlat: Only clear timer if a kthread existsInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46846 spi: rockchip: Resolve unbalanced runtime PM / system PM handlingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46847 mm: vmalloc: ensure vmap_block is initialised before adding to queueInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46848 perf/x86/intel: Limit the period on HaswellInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46852 dma-buf: heaps: Fix off-by-one in CMA heap fault handlerInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46859 platform/x86: panasonic-laptop: Fix SINF array out of bounds accessesInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46861 usbnet: ipheth: do not stop RX on failing RX callbackInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46863 ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty itemInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-46841 btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44950 serial: sc16is7xx: fix invalid FIFO access with special register setInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2013-4416 The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-42311 hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-43835 virtio_net: Fix napi_skb_cache_put warningInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-43839 bna: adjust 'name' buf size of bna_tcb and bna_ccb structuresInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-42308 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-43871 devres: Fix memory leakage caused by driver API devm_free_percpu()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usageInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-44944 netfilter: ctnetlink: use helper function to calculate expect IDInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-8006 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture supportInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-43834 xdp: fix invalid wait context of page_pool_destroy()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-42122 drm/amd/display: Add NULL pointer check for kzallocInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2023-52920 bpf: support non-r10 register spill/fill to/from stack in precision trackingInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50131 tracing: Consider the NULL character when validating the event lengthInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-50130 netfilter: bpf: must hold reference on net namespaceInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26951 wireguard: netlink: check for dangling peer via is_dead instead of empty listInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26984 nouveau: fix instmem race condition around ptr storesInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26961 mac802154: fix llsec key resources release in mac802154_llsec_key_delInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26965 clk: qcom: mmcc-msm8974: fix terminating of frequency table arraysInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26966 clk: qcom: mmcc-apq8084: fix terminating of frequency table arraysInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26973 fat: fix uninitialized field in nostale filehandlesInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-26993 fs: sysfs: Fix reference leak in sysfs_break_active_protection()Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-27000 serial: mxs-auart: add spinlock around changing cts stateInformation published.MSRC.MICROSOFT.COM
21 FebCVE-2024-32624 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c) resulting in the corruption of the instruction pointer.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-33873 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.Information published.MSRC.MICROSOFT.COM
21 FebCVE-2024-33877 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.Information published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 6[−]
21 FebAgentic AI Security Is Broken and How To Fix It: Ido Shlomo, Co-founder and CTO of Token SecurityJim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Securit…CYBERSECURITYTODAY.LIBSYN.COM
21 FebAI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 CountriesA Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intellige…THEHACKERNEWS.COM
21 FebAnthropic Launches Claude Code Security for AI-Powered Vulnerability ScanningArtificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research …THEHACKERNEWS.COM
21 FebEC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and SecurityWith $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) cre…THEHACKERNEWS.COM
21 FebAI Threats: What Could Go Wrong?Palo Alto Networks' report reveals that most successful attacks stem from preventable errors and poor identity controls. AI attackers can quickly exploit these vulnerabilities, posing a significant threat. How can organizations strengthen their defenses against AI-driven attacks?…YOUTUBE.COM
21 FebFrance's Ministry of Economy disclosed that attackers used stolen official credentials to access FICOBA, the national bank account registry, exposing data on 1.2 million accountssubmitted by Innerworld to cybersecurity 3 points | 1 comments https://www.securityweek.com/french-government-says-1-2-million-bank-accounts-exposed-in-breach/INFOSEC.PUB
🔥 INCIDENT REPORTING 1[−]
21 FebWhat Happens If I Click A Phishing Link?Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices . Phishing can result in cybercriminals gaining unauthorized access to organizatio…KNOWBE4.COM
🕵️ THREAT INTELLIGENCE 1[−]
21 FebWhat is OAuth?submitted by cm0002 to cybersecurity 6 points | 2 comments https://leaflet.pub/p/did:plc:3vdrgzr2zybocs45yfhcr6ur/3mfd2oxx5v22bINFOSEC.PUB
📡 INFOSEC NEWS 1[−]
21 Feb7 days until ticket prices rise for TechCrunch Disrupt 2026Lowest ticket prices to TechCrunch Disrupt 2026 end February 27. Up to $680 off individual passes and up to 30% off group passes. Register before they go up to join 10,000 founders, tech operators, and VCs.TECHCRUNCH.COM