Denial Of Service (DoS)

github.com/kuadrant/authorino is vulnerable to Denial of Service DoS. The vulnerability is due to the lack of limits on post-authorization callbacks, allowing an attacker with developer persona access to overload the service...

CVE-2025-25207

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

dsipts (>=1.1.5 <=1.1.39), kedro-aim (>=0.1.1 <=0.1.3) +7 more potentially affected by CVE-2025-5321 via aim (>=3.17.4 <=3.29.1)

aim PYPI version =3.17.4, =1.1.5, =0.1.1, =0.0.1, =0.0.1, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-5321 Source advisory: OSV:GHSA-GP5H-F9C5-8355...

CVE-2023-34166

Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart...

CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

CVE-2003-0573

The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact...

DEBIAN-CVE-2025-37910

In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations On Adva boards, SMA sysfs store/get operations can call handlesignaloutputs or handlesignalinputs while the irig and dcf pointers are uninitialized, leading to a...

SUSE CVE-2022-49920

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: netlink notifier might race to release objects commit release path is invoked via callrcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...

CVE-2025-37798

In the Linux kernel, the following vulnerability has been resolved: codel: remove sch-q.qlen check before qdisctreereducebacklog After making all -qlennotify callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fqcodeldequeue and codelqdiscdequeue...

DEBIAN-CVE-2025-37798

In the Linux kernel, the following vulnerability has been resolved: codel: remove sch-q.qlen check before qdisctreereducebacklog After making all -qlennotify callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fqcodeldequeue and codelqdiscdequeue...

CVE-2025-37798

CVE-2025-37798 affects the Linux kernel networking code. The fix removes the qlen check in fq_codel_dequeue() and codel_qdisc_dequeue() after making sch-&gt;qlen_notify() callbacks idempotent. The description indicates the vulnerability related to backlog/queue length handling in qdisc code (code...

PT-2025-20489

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the iommu/tegra241-cmdqv module. The issue caused two WARNINGs to be observed when the SMMU driver rolled back upon...

PT-2025-18777

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue concerned the codel controlled delay qdisc queueing discipline in the kernel. Specifically, the problem involved the qlen...

PT-2025-14599 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the am65-cpsw driver. The issue occurs when registering interrupts for TX or RX DMA channels before registering...

CVE-2025-21901 RDMA/bnxt_re: Add sanity checks on rdev validity

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Add sanity checks on rdev validity There is a possibility that ulpirqstop and ulpirqstart callbacks will be called when the device is in detached state. This can cause a crash due to NULL pointer dereference as the...

CVE-2025-21901 RDMA/bnxt_re: Add sanity checks on rdev validity

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxtre: Add sanity checks on rdev validity There is a possibility that ulpirqstop and ulpirqstart callbacks will be called when the device is in detached state. This can cause a crash due to NULL pointer dereference as the...

CVE-2023-52941

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frame...

UBUNTU-CVE-2023-52941

In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout The timer for the transmission of isotp PDUs formerly had two functions: 1. send two consecutive frames with a given time gap 2. monitor the timeouts for flow control frame...

kernel: PCI/PM: Drain runtime-idle callbacks before driver removal

A vulnerability was found in the PCI subsystem in the Linux kernel, where runtime-idle callbacks are not always drained before a PCI driver is removed. If these callbacks are still active when the driver is removed, it could result in system instability or crashes...

GHSA-C678-JFCJ-6JMF PyTorch Tuple Handler is Vulnerable to Memory Corruption through Manipulation of None Argument

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler.callendcallbacksonjitfut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launch...