11 matches found
GHSA-GJX9-J8F8-7J74 JinJava Bypass through ForTag leads to Arbitrary Java Execution
Impact Vulnerability Type: Sandbox Bypass / Remote Code Execution Affected Component: Jinjava Affected Users: - Organizations using HubSpot's Jinjava template rendering engine for user-provided template content - Any system that renders untrusted Jinja templates using HubSpot's Jinjava...
SUSE SLES15 Security Update : kernel (Live Patch 59 for SLE 15 SP3) (SUSE-SU-2025:03672-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03672-1 advisory. This update for the Linux Kernel 5.3.18-15030059211 fixes several issues. The following security issues were fixed: - CVE-2025-38499:...
SUSE-SU-2025:03638-1 Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)
This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nftables: reject duplicate device on updates bsc1249534. - CVE-2025-38499: cloneprivatemnt: make sure that caller has CAPSYSADMIN in the right userns...
CVE-2025-21971 net_sched: Prevent creation of classes with TC_H_ROOT
In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...
CVE-2025-21971
CVE-2025-21971 in the Linux kernel net_sched subsystem: creation of a Qdisc class with classid TC_H_ROOT (0xFFFFFFFF) could terminate traversal early during qdisc tree walk, causing incorrect root backlog statistics and potential CRASH in DRR. The fix prevents creating any Qdisc class with TC_H_R...
CVE-2024-35975
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak Inorder to support shaping and scheduling, Upon class creation Netdev driver allocates trasmit schedulers. The previous patch which added support for Round robin scheduling has a...
CVE-2024-35975
CVE-2024-35975 concerns the Linux kernel, specifically the octeontx2-pf Netdev driver, where a bug in the Round Robin scheduling patch caused transmit schedulers to not be freed after a class deletion. The vulnerability is described as a transmit scheduler resource leak that arises during shaping...
BIT-GITLAB-2021-32823 Potential Denial-of-Service in bindata
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit. In combination with...
CVE-2022-0138
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate or check the data, allowing arbitrary classes to be created...
Mail.ru: add class vulnerable Stored XSS
https://happynumbers.com stored XSS in class name via class creation dialog...
PT-2021-4288 · Ruby +2 · Bindata +2
Name of the Vulnerable Software and Affected Versions: bindata RubyGem versions prior to 2.4.10 Description: The issue is related to a potential denial-of-service vulnerability in the bindata RubyGem. In affected versions, it is very slow for certain classes in BinData to be created, such as...