Security Bulletin: Multiple vulnerabilities in IBM Db2 may affect IBM Storage Protect Server.
Summary: IBM Storage Protect Server uses IBM Db2 and may be affected by multiple vulnerabilities which could lead to denial of service, remote code execution or loss of confidentiality, integrity or availability. CVE-2023-39976, CVE-2023-40373, CVE-2023-40372, CVE-2023-30987, CVE-2023-38719,...
wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans EJB due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
undertow: special character in query results in server errors
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability...
VulnCheck KEV: CVE-2024-54085
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability...
Vulnerability of the mcb_alloc_bus() function in the drivers/mcb/mcb-core.c module – The driver for supporting the MEN Chameleon Bus in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerability of the mcb_alloc_bus function in the drivers/mcb/mcb-core.c module – The Linux kernel’s MEN Chameleon Bus driver is affected by the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...
The vulnerability of the ieee80211_check_fast_xmit() function in the net/mac80211/tx.c module of the mac80211 stack in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ieee80211_check_fast_xmit function in the net/mac80211/tx.c module of the mac80211 stack in the Linux operating system is related to code errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the get_overflow_stack() function in the arch/riscv/kernel/traps.c module of the module management subsystem for the RISC-V architecture-based Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the get_overflow_stack function in the arch/riscv/kernel/traps.c module of the module management subsystem for the RISC-V architecture-based Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability could allow an...
The vulnerability of the __get_cur_name_and_parent() function in the fs/btrfs/send.c module of the file system support module for Linux’s kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the __get_cur_name_and_parent function in the fs/btrfs/send.c module of the Linux file system support module is related to copying buffers without checking the size of the input data (classic buffer overflow). Exploiting this vulnerability could allow an attacker to compromi...
The vulnerability of the iocg_pay_debt() function in the block/blk-iocost.c module, which supports the block-level kernel in the Linux operating system, allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the iocg_pay_debt function in the block/blk-iocost.c module, which supports the block-level kernel in the Linux operating system, is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity...
The vulnerability of the dbAllocBits() function in the fs/jfs/jfs_dmap.c module of the Linux file system support for JFS kernels allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dbAllocBits function in the fs/jfs/jfs_dmap.c module of the Linux file system support module JFS is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
CVE-2025-6434
creationtimestamp | type | source
---|---|---
2025-06-24 16:50:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lsekkcoiaq2o
2025-06-25 14:51:31+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/19459...
TOTOLINK T10 Trust Management Issue Vulnerability
TOTOLINK T10 is a wireless network system router from China's Gion Electronics TOTOLINK. The TOTOLINK T10 suffers from a trust management issue vulnerability that stems from the use of hard-coded passwords in the file /etc/shadow.sample. An attacker could exploit the vulnerability to cause...
The vulnerability of the rweather library and the crypto-based solutions for organizing tactical radio communications in hard-to-access areas like Meshtastic allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the rweather library and the crypto-based solutions for organizing tactical radio communications in hard-to-access areas like Meshtastic is related to insufficient entropy during key generation. Exploiting this vulnerability allows a remote attacker to compromise the...
MINI-V53V-RXX2-QR96
Bulletin has no description...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...
The vulnerability of the setWiFiScheduleCfg() function (/cgi-bin/cstecgi.cgi) in the TOTOLINK T10 router software allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the setWiFiScheduleCfg function (/cgi-bin/cstecgi.cgi) in the TOTOLINK T10 router microprogramming software is related to an operation going beyond the bounds of a memory buffer when processing the desc parameter. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the sub_3C8EC function in the microprogramming software of the dual-band Wi-Fi amplifier Netgear EX6200 allows an intruder to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the sub_3C8EC function in the microprogramming software of the dual-band Wi-Fi amplifier Netgear EX6200 is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to influence the confidentiality,...
The vulnerability of the ucsi_ccg_sync_control() function in the Linux kernel’s driver/us module allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ucsi_ccg_sync_control function in the drivers/us module of the Linux operating system is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the kvm_riscv_vcpu_sbi_init() function in the arch/riscv/kvm/vcpu_sbi.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the kvm_riscv_vcpu_sbi_init function in the arch/riscv/kvm/vcpu_sbi.c module of the Linux operating system is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...
The vulnerability of the xe_reg_sr_add() function in the drivers/gpu/drm/xe/xe_reg_sr.c kernel of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the xe_reg_sr_add function in the drivers/gpu/drm/xe/xe_reg_sr.c kernel of the Linux operating system is related to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility o...