6204 matches found

CNNVD
added 2025/05/18 12:0 a.m., 1 views

itsourcecode Sales and Inventory System injection vulnerability

itsourcecode Sales and Inventory System is an open source sales and inventory system from itsourcecode. An injection vulnerability exists in itsourcecode Sales and Inventory System version 1.0, which results from SQL injection due to incorrect manipulation of the parameter serial in the file...

CVSS 9.8, AI score 7.7, EPSS 0.00415
Exploits: 1, References: 7
OSV
added 2025/05/16 1:24 p.m., 5 views

OESA-2025-1511 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in usb endpoint checking, see 1. This time the issue stems from a...

CVSS 7.1, AI score 6.4, EPSS 0.00215
Exploits: 0, References: 9
Packet Storm News
added 2025/05/16 12:0 a.m., 3 views

From Trade-Off to Synergy: a Versatile Symbiotic Watermarking Framework for Large Language Models

The rise of Large Language Models (LLMs) has heightened concerns about the misuse of AI-generated text, making watermarking a promising solution. Mainstream watermarking schemes for LLMs fall into two categories: logits-based and sampling-based. However, current schemes entail trade-offs among...

AI score 7.1
Exploits: 0
Positive Technologies
added 2025/05/16 12:0 a.m., 2 views

PT-2025-29070

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the p54 driver where a malicious USB device pretending to be an Intersil p54 wifi interface can cause a buffer overflow in the p54 rx eeprom readbac...

CVSS 7.8, AI score 7, EPSS 0.00167
Exploits: 0
OSV
added 2025/05/14 10:8 p.m., 12 views

CLSA-2025-1747260502 kernel: Fix of 5 CVEs

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices CVE-2024-53197 - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd CVE-2025-21969 - ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in...

CVSS 7.8, AI score 7, EPSS 0.03558
Exploits: 0, References: 1
RedHat Linux
added 2025/05/13 2:12 p.m., 3 views

kernel: soc: qcom: socinfo: Avoid out of bounds read of serial number

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serialnumb...

CVSS 7.1, AI score 6.8, EPSS 0.00217
Exploits: 0, References: 5
RedHat Linux
added 2025/05/13 8:44 a.m., 5 views

containers/aardvark-dns: TCP Query Handling Flaw in Aardvark-dns Leading to Denial of Service

A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other DNS queries timing...

CVSS 7.5, AI score 5.8, EPSS 0.00759
Exploits: 1, References: 6
RedHat Linux
added 2025/05/13 8:28 a.m., 3 views

kernel: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

A flaw was found in the quatech2 module in the Linux kernel. An incorrect check for invalid port numbers can cause a NULL pointer dereference and result in a denial of service...

CVSS 5.5, AI score 7.2, EPSS 0.00201
Exploits: 0, References: 5
RedHat Linux
added 2025/05/13 8:28 a.m., 2 views

kernel: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc fails, we release the sk object, but leave the dangling pointer in th...

CVSS 7.8, AI score 6.8, EPSS 0.00219
Exploits: 0, References: 5
RedHat Linux
added 2025/05/13 8:28 a.m., 4 views

kernel: xhci: tegra: fix checked USB2 port number

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualization is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by a USB2 root hub in a Virtual Function may be less than total USB2 phy...

CVSS 5.5, AI score 6.7, EPSS 0.00206
Exploits: 0, References: 5
RedHat Linux
added 2025/05/13 8:28 a.m., 4 views

kernel: usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array...

CVSS 7.8, AI score 6.8, EPSS 0.0024
Exploits: 0, References: 5
CNNVD
added 2025/05/13 12:0 a.m., 1 views

CP Plus CP-XR-DE21-S security vulnerability

The CP Plus CP-XR-DE21-S is a wireless router from CP Plus. A security vulnerability exists in the CP Plus CP-XR-DE21-S version 1.031.022, which stems from insufficient protection of the UART console and could lead to information disclosure...

CVSS 5.1, AI score 6.4, EPSS 0.00196
Exploits: 1, References: 2
OSV
added 2025/05/09 7:16 a.m., 3 views

AZL-62753 CVE-2025-37882 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

CVSS 7.8, AI score 6.4, EPSS 0.00237
Exploits: 0, References: 1
OSV
added 2025/05/09 7:16 a.m., 1 views

DEBIAN-CVE-2025-37882

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

CVSS 7.8, AI score 5.8, EPSS 0.00237
Exploits: 0, References: 1
OSV
added 2025/05/09 7:16 a.m., 11 views

AZL-62495 CVE-2025-37842 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-qspi: use devm function instead of driver remove Driver use devm APIs to manage clk/irq/resources and register the spi controller, but the legacy remove function will be called first during device detach and trigger kern...

CVSS 5.5, AI score 5.6, EPSS 0.0022
Exploits: 0, References: 1
SUSE CVE
added 2025/05/09 4:55 a.m., 2 views

SUSE CVE-2022-49841

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. 37.371969 ------------ cut here ------------ 37.376599 uart3rootclk already disabled 37.380810 WARNING:...

CVSS 5.5, AI score 6.4, EPSS 0.0016
Exploits: 0, References: 11
SUSE CVE
added 2025/05/09 4:54 a.m., 1 views

SUSE CVE-2022-49924

In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdp_nci_send fdp_nci_send will call fdp_nci_i2c_write that will not free skb in the function. As a result, when fdp_nci_i2c_write finished, the skb will memleak. fdp_nci_send should free skb after...

CVSS 5.5, AI score 6.5, EPSS 0.00148
Exploits: 0, References: 10
SUSE CVE
added 2025/05/09 3:23 a.m., 6 views

SUSE CVE-2025-37813

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer and prepare_ring, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...

CVSS 5.5, AI score 6.5, EPSS 0.00149
Exploits: 0, References: 20
CNNVD
added 2025/05/09 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly handle device separation in spi: fsl-qspi could cause the kernel to crash...

CVSS 5.5, AI score 6.4, EPSS 0.0022
Exploits: 0, References: 3
OSV
added 2025/05/08 7:15 a.m., 1 views

UBUNTU-CVE-2025-37813

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer and prepare_ring, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...

CVSS 5.5, AI score 6.2, EPSS 0.00149
Exploits: 0, References: 22