CVE-2025-37800

CVE-2025-37800 targets the Linux kernel driver core. A potential NULL pointer dereference in dev_uevent() could occur if userspace reads a uevent attribute while another thread unbinds the device, changing dev->driver from a valid pointer to NULL. The fix uses READ_ONCE() when fetching the dri...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unchecked optional device attribute that could lead to a null pointer dereference...

RHEL 9 : firefox (RHSA-2025:4753)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:4753 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVE-2024-42212

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

DRUPAL-CONTRIB-2025-050

Klaro Cookie & Consent Management module is used for consent management for cookies and external sources. It makes changes to the markup to enable or disable loading. The module doesn't sufficiently sanitize data attributes allowing persistent Cross Site Scripting XSS attacks. This vulnerability ...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.10 update bsc1241621: CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS. CVE-2025-4087: Unsafe attribute access during XPath parsing. CVE-2025-4093: Memory safety bug fixed in...

Securing Immersive 360 Video Streams through Attribute-Based Selective Encryption

Delivering high-quality, secure 360� video content introduces unique challenges, primarily due to the high bitrates and interactive demands of immersive media. Traditional HTTPS-based methods, although widely used, face limitations in computational efficiency and scalability when securing these...

PT-2025-23157

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue concerns unsafe attribute parsing in the output userspace function of the openvswitch module in the Linux kernel. A patch has been applied to replace manual Netlink attribute...

Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...

GHSA-8GQJ-226H-GM8R Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling

Overview This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response. Am I Affected? You are affected by this SAML Attribute Smuggling vulnerability if you are using...

CVE-2025-46573 passport-wsfed-saml2 Has SAML Authentication Bypass via Attribute Smuggling

passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done b...

CBL Mariner 2.0 Security Update: kernel (CVE-2025-39735)

"The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-39735 advisory. - In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in eag...

CVE-2024-42212

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

CVE-2024-42212

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

CVE-2024-42212 HCL BigFix Compliance is affected by an improper or missing SameSite attribute

HCL BigFix Compliance is affected by an improper or missing SameSite attribute. This can lead to Cross-Site Request Forgery CSRF attacks, where a malicious site could trick a user's browser into making unintended requests using authenticated sessions...

CVE-2024-42212

CVE-2024-42212 affects HCL BigFix Compliance due to an improper or missing SameSite attribute, enabling Cross-Site Request Forgery (CSRF) via authenticated sessions. The primary sources consistently describe the issue as a CSRF risk stemming from SameSite misconfiguration; the CVSS 3.1 base metri...

SUSE CVE-2022-49763

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

firefox: thunderbird: Unsafe attribute access during XPath parsing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...

firefox: thunderbird: Unsafe attribute access during XPath parsing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...