319 matches found
DEBIAN-CVE-2025-54350
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...
CVE-2025-54350
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...
AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...
CVE-2025-54350
CVE-2025-54350 affects iperf/iperf3 prior to version 3.19.1. The issue is an assertion failure in iperf_auth.c during a malformed authentication attempt, caused by a Base64Decode error, which can cause the application to exit. Several connected advisories confirm the impact and the fix version: p...
kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
A flaw was found in the Linux kernel, where a specially crafted RPC packet could cause data corruption or trigger a system panic. This flaw allows a remote attacker who can make RPC calls to send an intentionally malformed packet, potentially compromising system integrity or causing a denial of...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array CVE-2025-22112 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails CVE-2025-22119 ...
TOTOLINK T6 Authentication Error Vulnerability
TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An authentication error vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from a lack of authentication in the parameter authCode/goURL in the file /formLoginAuth.htm. An attacker could...
SUSE CVE-2025-38089
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
CVE-2025-38089
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
AZL-64398 CVE-2025-38089 affecting package kernel for versions less than 6.6.96.1-1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
DEBIAN-CVE-2025-38089
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
CVE-2025-38089
The CVE-2025-38089 issue affects the Linux kernel sunrpc auth path. A remotely triggerable crash can occur when a specially crafted RPC reply yields SVC_GARBAGE without setting rq_accept_statp, risking NULL dereference or memory scribble. The bug arises because a SVC_GARBAGE return was treated as...
CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
PT-2025-27419
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A remotely-triggerable crash can occur in the Linux kernel if a client sends a specially crafted packet to the kernel RPC server. This happens when decoding the RPC reply fails and...
Astra Linux - vulnerability in linux-6.12
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server, related to an authentication error, allows unauthorized access to user domain accounts.
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server is related to an authentication error based on the Kerberos protocol. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to user account credentials...
CVE-2024-22647
A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames...
CVE-2024-29070
On versions before 2.1.4, session is not invalidated after logout. When the user logged in successfully, the Backend service returns "Authorization" as the front-end authentication credential. "Authorization" can still initiate requests and access data even after logout. Mitigation: all users...
CVE-2022-45218
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message...