Unbreakable Enterprise kernel security update
5.15.0-313.189.5.2 - nfsd: handle get_client_locked failure in nfsd4_setclientid_confirm Jeff Layton Orabug: 38575798 CVE-2025-38724 - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Eric Biggers Orabug: 38575792 - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Herbert Xu Orabug:...
PT-2025-43618
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue within the crypto/af_alg subsystem. A change introduced by commit 1b34cbbf4f01 altered data types from bool to 1-bit bitfields of type u32. This...
CVE-2025-62706
Authlib’s CVE-2025-62706 affects the JWE zip=DEF decompression path in prior releases. A small ciphertext could inflate to tens/hundreds of MB during decrypt, enabling DoS via memory and CPU exhaustion. A fix exists in v1.6.5; mitigations include rejecting or stripping zip=DEF for inbound JWEs, a...
EUVD-2023-60009
In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in arc_serial_probe Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe warn: 'port->membase' from of_iomap not released on lines: 631. In arc_serial_probe, if uart_add_one_port fails,...
Genesis: Evolving Attack Strategies for LLM Web Agent Red-Teaming
As large language model (LLM) agents increasingly automate complex web tasks, they boost productivity while simultaneously introducing new security risks. However, relevant studies on web agent attacks remain limited. Existing red-teaming approaches mainly rely on manually crafted attack strategies...
kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safeguard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer...
EUVD-2025-34428
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally...
CVE-2025-53782
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally...
EUVD-2025-34068
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...
CVE-2025-39964
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...
UBUNTU-CVE-2025-39964
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...
CVE-2025-39964 crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...
CVE-2025-39964
CVE-2025-39964 affects the Linux kernel's crypto af_alg subsystem, where two concurrent writes to the same af_alg socket could interleave data and corrupt internal socket state. The fix adds a dedicated exclusive ownership indicator (ctx->write) to prevent concurrent writes and ensure serialized access. I...
Allocation of Resources Without Limits or Throttling
Overview: authlib is a library for building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the DeflateZipAlgorithm.decompress function. An attacker can exhaust memory and CPU resources by submitting...
SUSE-SU-2025:03541-1 Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024153 fixes several issues. The following security issues were fixed: - CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1243650). - CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247315). -...
EUVD-2025-33725
python-jose through 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims, e.g., is_admin=true, and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
python-jose through 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims, e.g., is_admin=true, and bypass authentication checks, leading to privilege escalation or unauthoriz...
Exploit for Use of a Broken or Risky Cryptographic Algorithm in File_Away_Project File_Away
It is an exploit module/toolkit targeting unspecified products/s...