Linux Distros Unpatched Vulnerability : CVE-2023-1667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of...

CVE-2025-58157

gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been...

gnark 资源管理错误漏洞

gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A resource management error vulnerability exists in gnark version 0.12.0, which stems from an improper calculation of the fake-GLV algorithm and could lead to a denial-of-service attack...

CVE-2025-30064

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

kernel: crypto: algif_hash - fix double free in hash_accept

In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix double free in hashaccept If accept2 is called on socket type algifhash with MSGMORE flag set and cryptoahashimport fails, sk2 is freed. However, it is also freed in afalgrelease, leading to...

CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key

An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...

kernel: crypto: algif_hash - fix double free in hash_accept

In the Linux kernel, the following vulnerability has been resolved: crypto: algifhash - fix double free in hashaccept If accept2 is called on socket type algifhash with MSGMORE flag set and cryptoahashimport fails, sk2 is freed. However, it is also freed in afalgrelease, leading to...

CGM CLININET 安全漏洞

CGM CLININET is a hospital information management system from CGM Germany. A security vulnerability exists in CGM CLININET that stems from the decodeParam function not verifying the signature algorithm, which could lead to the generation of arbitrary user sessions...

Linux Distros Unpatched Vulnerability : CVE-2021-30004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wpasupplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. CVE-2021-3000...

Linux Distros Unpatched Vulnerability : CVE-2017-8845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The lzo1xdecompress function in lzo1xd.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service invalid memory read and...

SUSE CVE-2025-38627

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

CVE-2025-38627

CVE-2025-38627 affects the f2fs component of the Linux kernel. The root cause is a use-after-free of f2fs_inode_info in f2fs_free_dic when decompress_io_ctx is released asynchronously after I/O completion, potentially evicting the inode before dic is used. The exploit scenario involves concurrent...

CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials

A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...

PT-2025-34251 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 16.03.10.13 Description: A vulnerability exists in the MD5 Hash Handler component of Tenda AC10. The issue affects an unknown function within the /etc ro/shadow file. Manipulation of this function results in the exposure of...

SUSE SLES15 Security Update : kernel (Live Patch 11 for SLE 15 SP6) (SUSE-SU-2025:02926-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02926-1 advisory. This update for the Linux Kernel 6.4.0-1506002350 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core:...

CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verifygemtekheader of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...

Linksys E5600 安全漏洞

Linksys E5600 is a powerful, compact and reliable WiFi 5 router from Linksys, Inc. A security vulnerability exists in Linksys E5600 version 1.1.0.26, which originates from the presence of a risky encryption algorithm in the file checkFw.sh in the component Firmware Handler...

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP7) (SUSE-SU-2025:02858-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02858-1 advisory. This update for the Linux Kernel 6.4.0-1507005 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID: core: do...