7036 matches found
httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module
An assertion failure flaw was found in Apache httpd. Untrusted clients can send inputs that trigger an assertion failure in the mod_proxy_http2 module, which likely results in an Apache HTTP server crash or denial of service (DoS)...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a page extension mapping not being set correctly in the btrfs_cont_expand function, which could lead to an...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...
CVE-2025-2256 Improper Validation of Specified Quantity in Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab instance unresponsive to legitimate users by sending multiple concurrent large SAML responses...
GitLab CE and EE security vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 7.12 up to and including...
SUSE CVE-2025-39769
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the assert will be triggered (see below) during bnxtremoveon...
DEBIAN-CVE-2025-39769
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the assert will be triggered (see below) during bnxtremoveon...
CVE-2025-39769
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the assert will be triggered (see below) during bnxtremoveon...
CVE-2025-39769 bnxt_en: Fix lockdep warning during rmmod
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the assert will be triggered (see below) during bnxtremoveon...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly handle the network device lock state in the bnxt_free_ntp_fltrs function, which could lea...
PT-2025-37227
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0. Description: The Linux kernel contained a lockdep warning within the bnxt_en module during device removal (rmmod). A netdev assertion was incorrectly triggered during the bnxt_remove_one function, which...
Shibboleth Service Provider security vulnerability
Shibboleth Service Provider is a single sign-on framework from Shibboleth UK. A security vulnerability exists in Shibboleth Service Provider 3.5.0 and earlier versions, which stems from a SQL injection in the ID attribute of a SAML response, which could lead to the disclosure of database...
Linux Distros Unpatched Vulnerability : CVE-2021-46343
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. (CVE-2021-46343) Note that...
Linux Distros Unpatched Vulnerability : CVE-2023-31913
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c...
Linux Distros Unpatched Vulnerability : CVE-2022-22892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) ||...
Linux Distros Unpatched Vulnerability : CVE-2020-23322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in...
Linux Distros Unpatched Vulnerability : CVE-2022-38496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. (CVE-2022-38496) Note that Nessus relies on the...