Thorium Platform Public Availability

Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thoriumlink is external, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams' capabilities by automating analysis workflows...

ROS-20250731-02

A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information...

OPENSUSE-SU-2025:15396-1 ffmpeg-7-7.1.1-8.1 on GA media

These are all security issues fixed in the ffmpeg-7-7.1.1-8.1 package on the GA media of openSUSE Tumbleweed...

The vulnerability of the pcpu_alloc_noprof() function in the ice component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the pcpuallocnoprof function in the ice component of the Linux operating system’s kernel is related to the lack of memory release after the effective lifespan has ended. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the kzalloc() function in the irq_sim component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the kzalloc function in the irqsim component of the Linux operating system’s kernel is related to improper initialization of the resource. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

The vulnerability of sub_54014 in Netgear EX6200 Wi-Fi router’s built-in software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of sub54014 in Netgear EX6200 Wi-Fi router’s built-in software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of sub_503FC in Netgear EX6200 Wi-Fi router’s built-in software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the sub503FC function in Netgear EX6200 Wi-Fi routers is related to the output of operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the mctp_dump_addrinfo() function in the Linux kernel’s network component allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the mctpdumpaddrinfo function in the Linux kernel component is related to insufficient protection of system data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the platform_set_drvdata() function in the perf component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the platformsetdrvdata function in the Linux operating system’s kernel component is related to the assignment of a zero pointer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerability of the gateway_proxy_handler component in the machine learning lifecycle management platform allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the gatewayproxyhandler component in the Machine Learning Lifecycle Management platform is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility ...

OESA-2025-1913 gdk-pixbuf2 security update

gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites. Security Fixes: A vulnerability was found in gdk‑pixbuf affected versi...

OPENSUSE-SU-2025:15385-1 perl-Authen-SASL-2.180.0-2.1 on GA media

These are all security issues fixed in the perl-Authen-SASL-2.180.0-2.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2025:15383-1 MozillaThunderbird-140.1.0-1.1 on GA media

These are all security issues fixed in the MozillaThunderbird-140.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking IDXD work queue availability...

NewStart CGSL MAIN 7.02 : edk2 Multiple Vulnerabilities (NS-SA-2025-0105)

The remote NewStart CGSL host, running version MAIN 7.02, has edk2 packages installed that are affected by multiple vulnerabilities: - EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability...

KLA86162 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2025-8010 CVE-2025-8011 Related products Microsoft-Edge CVE list CVE-2025-8010 critical CVE-2025-8011 critical Solution Install necessary...

NewStart CGSL MAIN 7.02 : avahi Multiple Vulnerabilities (NS-SA-2025-0174)

The remote NewStart CGSL host, running version MAIN 7.02, has avahi packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in Avahi. A reachable assertion exists in the avahialternativehostname function. CVE-2023-38473 - A flaw was found in avahi in versions...

CVE-2025-22165

This Medium severity ACE Arbitrary Code Execution vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE Arbitrary Code Execution vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...

CVE-2025-22165

This Medium severity ACE Arbitrary Code Execution vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE Arbitrary Code Execution vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to...

The vulnerability of the network management system for monitoring industrial networks in Siemens SINEC NMS lies in the lack of measures taken to protect the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Siemens SINEC NMS network management system for monitoring industrial networks is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibili...