PT-2025-40332
Name of the Vulnerable Software and Affected Versions Canonical LXD versions prior to 6.5 Canonical LXD version 5.21 through 5.21.4 Description A privilege escalation issue exists in the operations API of Canonical LXD. An attacker with read permissions can hijack terminal or console sessions and...
LXD Security Vulnerability
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 6.5, which stems from an elevated privilege in the Operations API that could lead to hijacking a terminal or console session and hijacking the...
PT-2025-40465
Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description A flaw exists in QEMU where freeing the QIOChannelWebsock object during a handshake process results in a GSource leak. This leak can cause a use-after-free condition when the callback attempts t...
Amazon Linux 2 : libsoup, --advisory ALAS2-2025-3006 (ALAS-2025-3006)
The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3006 advisory. A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate...
DEBIAN-CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
UBUNTU-CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
Important: libsoup
Issue Overview: A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). CVE-2025-32049 Affected Packages: libsoup Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...
PT-2025-39837
Name of the Vulnerable Software and Affected Versions Mongoose versions 7.5 through 7.17 Description An integer overflow exists in the WebSocket component. Sending a specially crafted WebSocket request can cause the application to crash. Improper integration by downstream vendors may lead to a...
CVE-2025-51495
CVE-2025-51495 affects the WebSocket component of Mongoose versions 7.5 through 7.17. A vulnerability in the WebSocket handling can trigger an integer overflow when processing a specially crafted request, potentially causing the application to crash (denial of service). In cases where downstream...
CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow...
Security update for curl
This update for curl fixes the following issues: tooloperate: fix return code when --retry is used but not triggered bsc1249367 Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348 Patch Instructions: To...
SUSE-SU-2025:20802-1 Security update for curl
This update for curl fixes the following issues: - tooloperate: fix return code when --retry is used but not triggered bsc1249367 - Security fixes: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Fixed predictable WebSocket mask bsc1249348...
SUSE-SU-2025:20824-1 Security update for curl
This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 - CVE-2025-10148: Predictable WebSocket mask bsc1249348 - Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 - tooloperate: fix return code when --retry is used but not triggere...
Security update for curl
This update for curl fixes the following issues: CVE-2025-9086: Fixed Out of bounds read for cookie path bsc1249191 CVE-2025-10148: Predictable WebSocket mask bsc1249348 Fix the --ftp-pasv option in curl v8.14.1 bsc1246197 tooloperate: fix return code when --retry is used but not triggered...
Exploit for Origin Validation Error in Edex-Ui_Project Edex-Ui
CVE-2023-30856 Security Patch for eDEX-UI ⚠️ Critical Secu...
Fedora: Security Advisory (FEDORA-2025-97ae15dc56)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...