
11107 matches found

OSV
added 2025/12/16 2:32 p.m., 2 views

CVE-2025-68251 erofs: avoid infinite loops due to corrupted subpage compact indexes

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes. Robert reported an infinite loop observed by two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters in...

6.4 AI score, 0.00169 EPSS
Exploits 0, References 5
UbuntuCve
added 2025/12/16 2:15 p.m., 1 views

CVE-2025-68210

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loop due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images...

5.7 AI score, 0.00166 EPSS
Exploits 0, References 10
OSV
added 2025/12/16 2:15 p.m., 1 views

UBUNTU-CVE-2025-68210

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loop due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images...

5.7 AI score, 0.00166 EPSS
Exploits 0, References 11
Cvelist
added 2025/12/16 1:48 p.m., 24 views

CVE-2025-68210 erofs: avoid infinite loop due to incomplete zstd-compressed data

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loop due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images...

0.00166 EPSS
Exploits 0, References 3
OSV
added 2025/12/16 1:48 p.m., 1 views

CVE-2025-68210 erofs: avoid infinite loop due to incomplete zstd-compressed data

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loop due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images...

6.4 AI score, 0.00166 EPSS
Exploits 0, References 6
CVE
added 2025/12/16 1:48 p.m., 10 views

CVE-2025-68210

CVE-2025-68210: In the Linux kernel, the erofs decompression path could spin indefinitely when encountering incomplete zstd-compressed data, i.e., truncated payloads in crafted images. The issue arises from the decompression logic looping due to incomplete input, leading to potential denial-of-s...

6.1 AI score, 0.00166 EPSS
Exploits 0, References 3
SUSE CVE
added 2025/12/16 12:24 a.m., 1 views

SUSE CVE-2025-40218

In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock until success. DAMON's virtual address space operation set implementation vaddr calls pte_offset_map_lock inside the page table walk callback function. This is for reading and writing pa...

5.5 CVSS, 6.3 AI score, 0.00156 EPSS
Exploits 0, References 7
CNNVD
added 2025/12/16 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from erofs mishandling of incomplete zstd compressed data, which could lead to an infinite loop...

6.1 AI score, 0.00166 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/12/16 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-68210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - erofs: avoid infinite loop due to incomplete zstd-compressed data. Currently, the decompression logic incorrectly spins if compressed data is truncated in crafte...

5.8 AI score, 0.00166 EPSS
Exploits 0, References 2
CNNVD
added 2025/12/16 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a corrupt subpage compact index in erofs leading to an infinite loop...

6.1 AI score, 0.00169 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51664

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue was identified in the Linux kernel related to the erofs filesystem, potentially leading to infinite loops when processing corrupted subpage compact indexes. This occurs when...

7.8 CVSS, 5.7 AI score, 0.00544 EPSS
Exploits 4, References 496
Positive Technologies
added 2025/12/16 12:0 a.m., 4 views

PT-2025-51712

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the kvaser_usb_leaf_wait_cmd and kvaser_usb_leaf_read_bulk_callback functions related to handling zero-length commands used for aligning data to U...

5.4 AI score, 0.00161 EPSS
Exploits 0
CNNVD
added 2025/12/16 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from command parsing logic that may lead to an infinite loop...

6.3 AI score, 0.00161 EPSS
Exploits 0, References 7
Tenable Nessus
added 2025/12/16 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers. The kvaser_usb_leaf_wait_cmd and kvaser_usb_leaf_read_bulk_callback functions contain logic to...

6.2 AI score, 0.00161 EPSS
Exploits 0, References 3
Tenable Nessus
added 2025/12/15 12:0 a.m., 8 views

RHEL 10 : python3.12 (RHSA-2025:14984)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14984 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

7.5 CVSS, 6.9 AI score, 0.00586 EPSS
Exploits 0, References 5
Veracode
added 2025/12/13 11:1 a.m., 10 views

Denial Of Service (DoS)

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack and next are vulnerable to a Denial-Of-Service (DoS). The vulnerability is due to insufficient patching of unsafe payload deserialization in React Server Components, where maliciously crafted HTTP requests sent to Server...

7.5 CVSS, 6.7 AI score, 0.1888 EPSS
Exploits 3, References 6, Affected Software 5
NVD
added 2025/12/12 12:15 a.m., 9 views

CVE-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...

7.5 CVSS, 0.1888 EPSS
Exploits 3, References 2
Snyk
added 2025/12/12 12:3 a.m., 7 views

Deserialization of Untrusted Data

Overview: next is a React framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang,...

8.7 CVSS, 6.9 AI score, 0.65592 EPSS
Exploits 13, References 2
Snyk
added 2025/12/12 12:3 a.m., 7 views

Deserialization of Untrusted Data

Overview: @vitejs/plugin-rsc is a React Server Components (RSC) support for Vite. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process ...

8.7 CVSS, 6.9 AI score, 0.65592 EPSS
Exploits 13, References 2
Cvelist
added 2025/12/11 11:36 p.m., 64 views

CVE-2025-67779

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests...

7.5 CVSS, 0.1888 EPSS
Exploits 3, References 2