CVE-2025-9461 diyhi bbs File Compression FilePackageManageAction.java information disclosure

A weakness has been identified in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure...

CVE-2025-9461

CVE-2025-9461 affects diyhi bbs (versions up to 6.8; update to 6.9+ recommended) in the File Compression Handler, specifically in FilePackageManageAction.java. The vulnerability stems from manipulation of the idGroup argument, leading to information disclosure. Remote exploitation is possible and...

PT-2025-34733 · Diyhi Bbs · Diyhi Bbs

Name of the Vulnerable Software and Affected Versions: diyhi bbs versions prior to 6.9 Description: A weakness has been identified that may lead to information disclosure. This issue is related to the manipulation of the idGroup argument within an unknown function of the file...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.0.6)

The version of AOS installed on the remote host is prior to 7.3.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.0.6 advisory. - LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4write32 related to LZ4compressdestSize, affecting applications that...

PT-2025-40879

Name of the Vulnerable Software and Affected Versions OpenEXR versions prior to 8.0 Description An issue exists in decoding OpenEXR files that use DWAA or DWAB compression. The software makes an assumption that all image channels have the same pixel type and size, specifically expecting "B", "G",...

Linux Distros Unpatched Vulnerability : CVE-2017-9104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered. CVE-2017-9104 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2016-6635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in the wpajaxwpcompressiontest function in wp- admin/includes/ajax-actions.php in WordPress before 4.5 allows remo...

CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

CVE-2025-38627

CVE-2025-38627 affects the f2fs component of the Linux kernel. The root cause is a use-after-free of f2fs_inode_info in f2fs_free_dic when decompress_io_ctx is released asynchronously after I/O completion, potentially evicting the inode before dic is used. The exploit scenario involves concurrent...

CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.2)

The version of AHV installed on the remote host is prior to AHV-10.0.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.2 advisory. - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper...

USN-7704-4: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

USN-7704-4 linux-nvidia vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

USN-7704-3 linux-ibm, linux-intel-iotg, linux-oracle, linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

USN-7704-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

USN-7704-1 linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle-5.15, linux-realtime, linux-xilinx-zynqmp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

Linux Distros Unpatched Vulnerability : CVE-2024-28102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by...

Linux Distros Unpatched Vulnerability : CVE-2024-57923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix availin bytes for s390 zlib HW compression path Since the input data length...

USN-7704-2 linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

Oracle Linux 8 : go-toolset:rhel8 (ELSA-2025-13940)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-13940 advisory. delve 1.24.1-1.0.1 - Disable DWARF compression which has issues Alex Burmashev golang 1.24.6-1 - Update to Go 1.24.6 fips-1 - Resolves: RHEL-106455 go-toolset...