CVE-2025-65231

Barix Instreamer prior to version 04.07 is affected by a stored Cross Site Scripting (XSS) vulnerability in the Web UI I/O & Serial configuration page. The CTS close command user-input field is stored and later rendered on the Status page, enabling an attacker to inject script via this input. Roo...

CVE-2025-65231

Barix Instreamer v04.06 and earlier is vulnerable to Cross Site Scripting XSS in the Web UI I/O & Serial configuration page, specifically the CTS close command user-input field which is stored and later rendered on the Status page...

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

EUVD-2025-201502

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

CVE-2025-14106

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

CVE-2025-14106 ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safedir leads to command injection. The attack is possible to be carried o...

ZSPACE Q2C 命令注入漏洞

ZSPACE Q2C is a private cloud storage device from China's ZSPACE ZSPACE company. A command injection vulnerability exists in ZSPACE Q2C 1.1.0210050 and earlier versions, which stems from incorrect manipulation of the parameter safedir in the file /v2/file/safe/close, which could lead to a command...

PT-2025-49316

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS versions up to 1.1.0210050 Description A command injection issue exists in ZSPACE Q2C NAS. The issue is related to the manipulation of the safe dir argument within the zfilev2 api.CloseSafe function, located in the...

CVE-2025-40220 fuse: fix livelock in synchronous file put from fuseblk workers

In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...

CVE-2025-40220

CVE-2025-40220 (Linux kernel) fixes a livelock in synchronous file put paths on fuseblk workers. Analysis in the description shows AIO writers hang waiting for fuse responses and fuse server threads stall due to synchronous RELEASE/put behavior. The patch resolves the hang by ensuring asynchronou...

kernel: udp: Fix memory accounting leak.

A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SORCVBUF socket option to its maximum value INTMAX, which triggers an integer overflow within the udprmemrelease function during socket closure. The udpdestructcommon...

kernel: Linux kernel: Privilege escalation or Denial of Service via TCP Fast Open vulnerability

A flaw was found in the Linux kernel. A local attacker with low privileges could exploit a memory corruption vulnerability, specifically a use-after-free and double-free, within the TCP Fast Open TFO socket processing. This occurs when a listener is closed while a TFO socket is being processed in...

SUSE-SU-2025:4224-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61661: Fixed out-of-bounds write in grubusbgetstring function bsc1252932 - CVE-2025-61662: Fixed missing unregister call for gettext command may...

SUSE-SU-2025:4152-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54771: Fixed rubfileclose does not properly controls the fs refcount bsc1252931 - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free bsc1252933 - CVE-2025-61663: Fixed missing unregister call fo...

Grub2: use-after-free in grub_file_close()

...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

CVE-2025-54771 Grub2: use-after-free in grub_file_close()

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub t...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-45025)

bitmap corruption on closerange with CLOSERANGEUNSHARE copyfdbitmaps. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504655; scriptversion"1.3";...

EUVD-2025-197856

reebox v5 HD firmware = 1.7.20, Freebox v5 Crystal firmware = 1.7.20, Freebox v6 Révolution r1–r3 firmware = 4.7.x, Freebox Mini 4K firmware = 4.7.x, and Freebox One firmware = 4.7.x were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM...

HSEC-2025-0006 Private key leak via inherited file descriptor

Private key leak via inherited file descriptor The X.509 key reading function readKeyFile opened a file descriptor to the private key without setting the close-on-exec flag. If a child process is execed at the same time, it would inherit that file descriptor and could read the private key materia...