Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-47947 | ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are | modsecurity-apache modsecurity-apache |
| CVE | CVE-2021-23450 | All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | dojo dojo |
| CVE | CVE-2024-47081 | Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific m | requests requests requests requests requests requests |
| CVE | CVE-2025-37758 | In the Linux kernel, the following vulnerability has been resolved: ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() devm_i | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37757 | In the Linux kernel, the following vulnerability has been resolved: tipc: fix memory leak in tipc_link_xmit In case the backlog transmit queue for | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37756 | In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconne | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37749 | In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have eno | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37841 | In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc retur | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37862 | In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix null pointer dereference in pidff_find_fields This function tri | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37859 | In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworke | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37742 | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of imap allocated in the diMount() function syzbot | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37858 | In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calc | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37741 | In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a dead | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37740 | In the Linux kernel, the following vulnerability has been resolved: jfs: add sanity check for agwidth in dbMount The width in dmapctl of the AG is | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37739 | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() syzbot | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37738 | In the Linux kernel, the following vulnerability has been resolved: ext4: ignore xattrs past end Once inside 'ext4_xattr_inode_dec_ref_all' we shou | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37857 | In the Linux kernel, the following vulnerability has been resolved: scsi: st: Fix array overflow in st_setup() Change the array size to follow parm | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-23163 | In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there i | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-23161 | In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI co | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
| CVE | CVE-2025-37851 | In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended | linux linux linux-nvidia-tegra linux-xilinx-zynqmp linux-xilinx-zynqmp linux-nvidia-tegra-igx |
About
-
Send Feedback to @ubuntu_updates
