
1566 matches found

CVE
added 2025/02/26 2:23 a.m. · 143 views

CVE-2022-49585

CVE-2022-49585 relates to the Linux kernel. It fixes a data race in reading the sysctl_tcp_fastopen_blackhole_timeout, where the value could be changed concurrently. The patch adds READ_ONCE() to the readers to prevent concurrent modification. Affected component: kernel networking/tcp code around...

CVSS 4.7 · AI score 5.3 · EPSS 0.00176
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2025/02/26 2:23 a.m. · 2 views

CVE-2022-49577 udp: Fix a data-race around sysctl_udp_l3mdev_accept.

In the Linux kernel, the following vulnerability has been resolved: udp: Fix a data-race around sysctl_udp_l3mdev_accept. While reading sysctl_udp_l3mdev_accept, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

AI score 7.4 · EPSS 0.00176
Exploits 0 · References 5

Vulnrichment
added 2025/02/26 2:23 a.m. · 1 view

CVE-2022-49571 tcp: Fix data-races around sysctl_tcp_max_reordering.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...

AI score 6.1 · EPSS 0.00178
Exploits 0 · References 6

CNNVD
added 2025/02/26 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible data contention in proc_dou8vec_minmax when accessing the sysctl variable, resulting in a...

CVSS 4.7 · AI score 5.3 · EPSS 0.00174
Exploits 0 · References 5

CNNVD
added 2025/02/26 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from data contention in the icmp sysctl variable...

CVSS 4.7 · AI score 5.9 · EPSS 0.00165
Exploits 0 · References 9

RedhatCVE
added 2025/02/05 11:37 p.m. · 13 views

CVE-2022-41267

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

CVSS 9.9 · AI score 6.8 · EPSS 0.00791
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 5:52 p.m. · 12 views

CVE-2019-5142

An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker ca...

CVSS 9 · AI score 7.1 · EPSS 0.06892
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 2:45 p.m. · 10 views

CVE-2020-6364

SAP Solution Manager and SAP Focused Run update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection...

CVSS 10 · AI score 7.1 · EPSS 0.06408
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 7:58 a.m. · 3 views

CVE-2024-29207

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application Version 3.7.9 and earlier; UniFi Connect EV Station Version 1.1.18 and earlier; UniFi Connect EV Station Pro Version 1.1.18...

CVSS 7.5 · AI score 7.1 · EPSS 0.00325
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 2:55 a.m. · 12 views

CVE-2024-6983

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...

CVSS 8.8 · AI score 9 · EPSS 0.01298
Exploits 1 · References 1

Microsoft CVE
added 2025/01/29 8:0 a.m. · 3 views

firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

...

CVSS 7.8 · AI score 6.9 · EPSS 0.00221
Exploits 0

Microsoft CVE
added 2025/01/29 8:0 a.m. · 3 views

firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()

...

CVSS 7.8 · AI score 7.7 · EPSS 0.00231
Exploits 0

OSV
added 2025/01/19 11:15 a.m. · 7 views

DEBIAN-CVE-2025-21636

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info fro...

CVSS 5.5 · AI score 5.6 · EPSS 0.00207
Exploits 0 · References 1

OSV
added 2025/01/19 11:15 a.m. · 1 view

DEBIAN-CVE-2025-21637

In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...

CVSS 5.5 · AI score 5.6 · EPSS 0.00207
Exploits 0 · References 1

Vulnrichment
added 2025/01/19 10:17 a.m. · 1 view

CVE-2025-21642 mptcp: sysctl: sched: avoid using current->nsproxy

In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current->nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how th...

AI score 6 · EPSS 0.00244
Exploits 0 · References 3

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-1055 · Microsoft · Windows Telephony Service +1

Name of the Vulnerable Software and Affected Versions: Windows Telephony Service (affected versions not specified). Description: The issue is related to a buffer overflow in dynamic memory, which can be exploited by a remote attacker to execute arbitrary code. This can potentially allow the attacker...

CVSS 10 · AI score 9.9 · EPSS 0.01563
Exploits 0 · References 8

Positive Technologies
added 2025/01/14 12:0 a.m. · 4 views

PT-2025-1057

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V NT Kernel Integration VSP versions are affected, but specific versions are not provided in the input data. Description: The issue is related to an elevation of privilege vulnerability in Windows Hyper-V NT Kernel Integration VSP...

CVSS 7.8 · AI score 7.6 · EPSS 0.09798
Exploits 5 · References 114

CNNVD
added 2025/01/14 12:0 a.m. · 1 view

ARM SCP-Firmware security vulnerability

ARM SCP-Firmware is a firmware driver from ARM UK. A security vulnerability exists in ARM SCP-Firmware version 2.15.0 and earlier, which stems from a specially crafted SCMI message that causes the SCP to experience a Usage Fault and crash...

CVSS 5.3 · AI score 6.5 · EPSS 0.00374
Exploits 0 · References 1

NVD
added 2025/01/11 7:15 a.m. · 7 views

CVE-2024-42172

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...

CVSS 9.8 · EPSS 0.00379
Exploits 0 · References 1

Cvelist
added 2025/01/11 6:44 a.m. · 13 views

CVE-2024-42172 HCL MyXalytics is affected by broken authentication

HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...

CVSS 5.3 · EPSS 0.00379
Exploits 0 · References 1