270 matches found
Rapid7 AppSpider Pro 数据伪造问题漏洞
Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A data forgery issue vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.021, which stems from insufficient project nam...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper handling of devlink locking, which could lead to locking conflicts during synchronization resets...
DEBIAN-CVE-2022-50332
In the Linux kernel, the following vulnerability has been resolved: video/aperture: Call sysfbdisable before removing PCI devices Call sysfbdisable from apertureremoveconflictingpcidevices before removing PCI devices. Without, simpledrm can still bind to simple-framebuffer devices after the...
Oracle Linux 10 : kernel (ELSA-2025-15662)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-15662 advisory. 6.12.0-55.32.1.0.1 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 -...
drbd: add missing kref_get in handle_write_conflicts
...
SUSE CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
AZL-66824 CVE-2025-38708 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
DEBIAN-CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
AZL-75303 CVE-2025-38708 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
UBUNTU-CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
CVE-2025-38708
CVE-2025-38708 is addressed in the Linux kernel via a fix in DRBD: a missing kref_get in handle_write_conflicts when two-primaries are enabled could cause a use-after-free and kernel crash. The issue occurs during detection of concurrent writes to the same sector across nodes, where premature drb...
CVE-2025-38708 drbd: add missing kref_get in handle_write_conflicts
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
CVE-2025-38708 drbd: add missing kref_get in handle_write_conflicts
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing krefget in handlewriteconflicts With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
...
Linux Distros Unpatched Vulnerability : CVE-2024-0410
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A...
kernel security update
5.14.0-570.35.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...
kernel security update
4.18.0-553.70.110.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
The vulnerability of the distributed version control system Git used by Microsoft Visual Studio allows a perpetrator to execute arbitrary code.
The vulnerability of the distributed version control system Git used by Microsoft Visual Studio is related to the occurrence of interpretation conflicts. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
LlamaIndex 安全漏洞
LlamaIndex is a data framework for LLM applications open-sourced by LlamaIndex. A security vulnerability exists in LlamaIndex version 0.12.28 and earlier, which stems from the use of MD5 hashing to generate document block IDs, which could lead to hash conflicts...