Advisory ROSA-SA-2025-2879

Software: krb5 1.18.2 OS: ROSA Virtualization 2.1 packageevrstring: krb5-1.18.2-32.rv3 CVE-ID: CVE-2020-28196 BDU-ID: 2023-03437 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Kerberos network protocol implementation of the Debian GNU/Linux, Red Hat Enterprise Linux, Ubuntu, Fedora, Alt 8 SP...

Wireshark Analyzer 4.4.7

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

CVE-2024-21128

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: APIs. Supported versions that are affected are 12.2.6-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Object...

CVE-2020-11914

The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read...

USN-7513-3 linux-azure, linux-azure-6.8, linux-oem-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - ACPI drivers;...

Ubuntu 24.04 LTS : Linux kernel (GKE) vulnerabilities (USN-7515-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7515-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

RT-Labs P-Net 代码问题漏洞

RT-Labs P-Net is an open source PROFINET protocol stack from RT-Labs that enables standard communication between industrial devices and PROFINET controllers. A security vulnerability exists in RT-Labs P-Net version 1.0.1 and earlier, which stems from a null pointer dereference, and can be exploit...

DEBIAN-CVE-2025-37790

In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCKRCUFREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup...

Net::IMAP vulnerable to possible DoS by memory exhaustion

...

The vulnerability of the sctp_stream_outq_migrate() function in the net/sctp/stream.c module of the Linux operating system’s SCTP protocol implementation allows a attacker to cause a service failure.

The vulnerability of the sctpstreamoutqmigrate function in the net/sctp/stream.c module of the Linux operating system’s SCTP protocol implementation is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...

USN-7429-2 linux-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Drivers core; - HID subsystem; - Network drivers; - SCSI subsystem; - SuperH / SH-Mobile drivers; - File systems...

gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

...

net: af_can: do not leave a dangling sk pointer in can_create()

...

The vulnerability of the Simple Network Management Protocol (SNMP) implementation in Cisco IOS, Cisco IOS XR, and Cisco IOS XE operating systems allows a attacker to trigger a service failure.

The vulnerability of the Simple Network Management Protocol SNMP implementation in Cisco IOS, Cisco IOS XR, and Cisco IOS XE operating systems is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service...

USN-7303-2 linux-oracle, linux-oracle-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers cor...

USN-7294-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - ACPI drivers; - Drivers core; - ATA over ethernet AOE driver; - TPM...

USN-7303-1 linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers cor...

CVE-2022-49575 tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctltcpthinlineartimeouts. While reading sysctltcpthinlineartimeouts, it can be changed concurrently. Thus, we need to add READONCE to its reader...

CVE-2024-10604

Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances...

Siemens SIPROTEC 5 安全漏洞

Siemens SIPROTEC 5 is a multifunction relay from Siemens Germany. A security vulnerability exists in the Siemens SIPROTEC 5 that stems from an affected device not properly validating SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information from the...