50 matches found

CNNVD
added 2026/05/13 12:00 a.m., 4 views

Fleet Security Vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. There is a security vulnerability in Fleet, which stems...

CVSS 9.9, AI score 5.9, EPSS 0.00016
Exploits: 0, References: 2

OSV
added 2026/03/29 3:27 p.m., 1 view

GHSA-7FQQ-Q52P-2JJG OpenCC has an Out-of-bounds read when processing truncated UTF-8 input

Summary: OpenCC versions before 1.2.0 contain two CWE-125: Out-of-bounds Read issues caused by length validation failures in UTF-8 processing. When handling malformed or truncated UTF-8 input, OpenCC trusted derived length values without enforcing the invariant that processed length must not excee...

CVSS 6.5, AI score 6
Exploits: 0, References: 5

ATTACKERKB
added 2026/02/11 2:13 p.m., 3 views

CVE-2026-2250

The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...

CVSS 7.5, AI score 5.6, EPSS 0.00119
Exploits: 0, References: 2

CVE
added 2025/10/01 11:45 a.m., 7 views

CVE-2022-50459

CVE-2022-50459 affects the Linux kernel’s iSCSI TCP path (scsi: iscsi: iscsi_tcp) where a NULL pointer dereference can occur if a socket is freed while accessed via sysfs. Details describe the sequence: sock_hold() on struct sock, then sockfd_put() frees the socket, __sock_release() clears sock-&...

CVSS 5.5, AI score 6.3, EPSS 0.00017
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/09/18 1:33 p.m., 1 view

CVE-2023-53400 ALSA: hda: Fix Oops by 9.1 surround channel names

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names. get_line_out_pfx() may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...

CVSS 5.5, AI score 5.1, EPSS 0.00014
Exploits: 0, References: 11

CNNVD
added 2025/08/18 12:00 a.m., 1 view

NamelessMC Information Disclosure Vulnerability

NamelessMC is free, easy-to-use and powerful website software for Minecraft servers from the NamelessMC team, with a large number of features. An information disclosure vulnerability exists in NamelessMC versions prior to 2.2.4, which stems from the disclosure of sensitive information and...

CVSS 5.3, AI score 6.1, EPSS 0.00116
Exploits: 1, References: 3

OSV
added 2025/08/11 10:54 p.m., 1 view

CVE-2025-55158 Vim double-free vulnerability during Vim9 script import operations

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vim’s internal typed value (typval_T) management. Specifically, the clear_tv...

CVSS 6.9, AI score 5.5, EPSS 0.00081
Exploits: 0, References: 5

CVE
added 2025/08/11 10:54 p.m., 20 views

CVE-2025-55158

CVE-2025-55158 affects Vim before patch release 9.1.1406. In Vim versions 9.1.1231 through 9.1.1405, processing nested tuples during Vim9 script import operations could trigger a double-free in Vim’s internal typval_T management due to improper lifetime handling in handle_import/ex_import paths, ...

CVSS 8.8, AI score 7.3, EPSS 0.00081
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2025/02/05 2:11 a.m., 20 views

CVE-2024-2746

Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user-controlled "plugin". All of this happened before Polkit...

CVSS 8.8, AI score 6.7, EPSS 0.00125
Exploits: 1, References: 1

RedhatCVE
added 2024/09/04 8:45 p.m., 13 views

CVE-2024-44952

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix uevent_show() vs driver detach race. uevent_show() wants to de-reference dev->driver->name. There is no clean way for a device attribute to de-reference dev->driver unless that attribute is defined via struct...

CVSS 5.5, AI score 6
Exploits: 0, References: 4

CNNVD
added 2024/08/08 12:00 a.m., 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from the web interface...

CVSS 7.5, AI score 6.7, EPSS 0.00063
Exploits: 0, References: 4

Tenable Nessus
added 2024/06/03 12:00 a.m., 18 views

RHEL 7 : gstreamer-plugins-good (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gstreamer-plugins-good: Heap corruption in matroska demuxing (CVE-2021-3498) - GStreamer before 1.18.4 migh...

CVSS 7.8, AI score 8.3, EPSS 0.00239
Exploits: 0, References: 2

OSV
added 2024/05/24 3:15 p.m., 9 views

CVE-2021-47537

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init(). In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'...

CVSS 5.5, AI score 6.2
Exploits: 0, References: 2

Vulnrichment
added 2024/05/24 3:09 p.m., 15 views

CVE-2021-47537 octeontx2-af: Fix a memleak bug in rvu_mbox_init()

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix a memleak bug in rvu_mbox_init(). In rvu_mbox_init(), mbox_regions is not freed or passed out under the switch-default region, which could lead to a memory leak. Fix this bug by changing 'return err' to 'goto free_regions'...

AI score 7, EPSS 0.00017
Exploits: 0, References: 2

Cvelist
added 2024/05/08 1:55 a.m., 18 views

CVE-2024-2746 Incomplete fix for CVE-2024-1929

Incomplete fix for CVE-2024-1929. The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user-controlled "plugin". All of this happened before Polkit...

CVSS 8.8, AI score 8, EPSS 0.00125
Exploits: 0, References: 1

OSV
added 2024/03/15 6:15 p.m., 40 views

CVE-2024-2193

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

CVSS 5.7, AI score 7.5
Exploits: 0, References: 13

Debian CVE
added 2024/03/15 6:03 p.m., 70 views

CVE-2024-2193

A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the...

CVSS 5.7, AI score 5.7, EPSS 0.00897
Exploits: 0

RedHat Linux
added 2024/03/13 9:11 a.m., 2 views

kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe

An incorrect verifier pruning flaw was found in BPF in the Linux Kernel that may lead to unsafe code paths incorrectly marked as safe, resulting in arbitrary read/writes in kernel memory, lateral privilege escalation, and container escape...

CVSS 10, AI score 7.3, EPSS 0.002
Exploits: 0, References: 5

Github Security Blog
added 2024/02/08 6:30 p.m., 624 views

NPM IP package incorrectly identifies some private IP addresses as public

The isPublic() function in the NPM package ip doesn't correctly identify certain private IP addresses in uncommon formats such as 0x7F.1 as private. Instead, it reports them as public by returning true. This can lead to security issues such as Server-Side Request Forgery (SSRF) if isPublic() is used to...

CVSS 9.8, AI score 9.6, EPSS 0.0067
Exploits: 1, References: 8, Affected Software: 1

Tenable Nessus
added 2023/12/15 12:00 a.m., 32 views

SUSE SLES15 Security Update : kernel (Live Patch 19 for SLE 15 SP4) (SUSE-SU-2023:4867-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4867-1 advisory. - Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary...

CVSS 10, AI score 7.6, EPSS 0.002
Exploits: 0, References: 7