139 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unvalidated rport pointer that could lead to a null pointer dereference...
SUSE SLED15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2025:02914-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02914-1 advisory. - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make...
SUSE SLES12 Security Update : docker (SUSE-SU-2025:02913-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:02913-1 advisory. - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote...
Security update for docker
This update for docker fixes the following issues: Update to Docker 28.3.3-ce. CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. bsc1247367 Patch Instructions: To install this SUSE update use the SUSE recommended installatio...
Linux Distros Unpatched Vulnerability : CVE-2022-50038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are t...
SUSE CVE-2022-50038
In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are two refcount leak bugs: 1 when breaking out of foreachendpointofnode, we need call the ofnodeput for the 'ep'; 2 we should call ofnodeput...
DEBIAN-CVE-2022-50109
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfbofinitdisplay, we should call ofnodeput for the references returned by ofgraphgetnextendpoint and ofgraphgetremoteportparent which have increased the refcount. Besides, we...
DEBIAN-CVE-2022-50038
In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are two refcount leak bugs: 1 when breaking out of foreachendpointofnode, we need call the ofnodeput for the 'ep'; 2 we should call ofnodeput...
UBUNTU-CVE-2022-50038
In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in mesonvpuhasavailableconnectors In this function, there are two refcount leak bugs: 1 when breaking out of foreachendpointofnode, we need call the ofnodeput for the 'ep'; 2 we should call ofnodeput...
📄 CrushFTP 9.x / 10.8.4 / 11.3.1 Server-Side Request Forgery / Directory Traversal
CrushFTP versions 9.x, 10.x through 10.8.4, and 11.x through 11.3.1 suffer from server-side request forgery and directory traversal vulnerabilities. !-- Exploit Title: Server-Side Request Forgery SSRF in CrushFTP 10.7.1 and 11.1.0 as well as legacy 9.x Date: 2024-10-20 Exploit Author: Rafael...
Exploit for Improper Authentication in Automattic Woocommerce_Payments
CVE-2023-28121 usage: CVE-2023-28121.py -h -v RHOST R...
SUSE CVE-2022-49156
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer fcremoteportdelete which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigge...
SUSE CVE-2022-49332
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after stargettorport Calls to stargettorport may return NULL. Add check for NULL rport before dereference...
DEBIAN-CVE-2022-49156
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer fcremoteportdelete which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigge...
UBUNTU-CVE-2022-49156
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer fcremoteportdelete which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigge...
PT-2025-49305
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.27.0 Description The cpp-httplib library has a flaw where attacker-controlled HTTP headers can influence server metadata, logging, and authorization decisions. An attacker can inject headers such as REMOTE ADDR,...
kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of...
CVE-2024-43798
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...
CVE-2024-43798 Chisel AUTH environment variable not respected in server entrypoint
Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented AUTH environment variable used to set credentials, which allows any unauthenticated user to connect, even if credentials were set. Anyone running the Chisel server that is...