CVE-2025-56801

The Red Hat advisories describe CVE-2025-56801 as a vulnerability in the Reolink Desktop Application 8.18.12 where hardcoded hard-coded credentials function as the Initialization Vector (IV) in AES-CFB encryption, enabling local attackers to decrypt sensitive configuration data stored under %APPD...

AMD TPM Reference Implementation June 2025 Security Update

AMD has informed HP of a potential security vulnerability identified in AMD Firmware TPM fTPM, which might allow information disclosure and/or denial of service. AMD has released Platform Initialization PI firmware to mitigate the vulnerability. AMD has released updates to mitigate the potential...

USN-7826-2 samba vulnerabilities

USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An...

USN-7826-2: Samba vulnerabilities

USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An...

kernel: crypto: seqiv - Handle EBUSY correctly

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...

ALSA-2025:18297 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors CVE-2025-39757 kernel: ALSA: hda/ca0132: Fix buffer overflow in addtuningcontrol CVE-2025-39751 kernel: crypto: seqiv - Handle...

JLSEC-2025-143 A flaw was found in FFmpeg's HLS playlist parsing

A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization...

Colliding with Adversaries at ECML-PKDD 2025 Adversarial Attack Competition 1st Prize Solution

This report presents the winning solution for Task 1 of Colliding with Adversaries: A Challenge on Robust Learning in High Energy Physics Discovery at ECML-PKDD 2025. The task required designing an adversarial attack against a provided classification model that maximizes misclassification while...

Radare2 安全漏洞

Radare2 is a Libre reverse framework for Unix geeks open-sourced by Radare. A security vulnerability exists in radare2 version 5.9.8 and earlier, which stems from a memory leak in the r2rsubprocessinit function...

Ubuntu: Security Advisory (USN-7826-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2025-39979

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace 1 caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte, where the HWS action refcount and mutex were not initialized and the counter...

CVE-2025-60013

When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module HSM may fail to initialize. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-39979

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace 1 caused by releasing an HWS action of a local flow counter in mlx5cmdhwsdeletefte, where the HWS action refcount and mutex were not initialized and the counter...

USN-7826-1: Samba vulnerabilities

Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. CVE-2025-9640 Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program...

USN-7826-1 samba vulnerabilities

Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. CVE-2025-9640 Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Samba vulnerabilities (USN-7826-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7826-1 advisory. Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An authenticated attacker...

CVE-2025-60013

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module HSM may fail to initialize. A successful exploit can allow the...

CVE-2025-60013 F5OS-A FIPS HSM password vulnerability

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module HSM may fail to initialize. A successful exploit can allow the...

CVE-2025-60013 F5OS-A FIPS HSM password vulnerability

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module HSM may fail to initialize. A successful exploit can allow the...

CVE-2025-60013

CVE-2025-60013 affects F5OS-A FIPS HSM password initialization. A highly privileged, authenticated attacker could use a password with special shell metacharacters to initialise the rSeries FIPS module, potentially executing arbitrary system commands and crossing a security boundary. Affected hard...