6052 matches found
kernel: uprobes: fix kernel info leak via "[uprobes]" vma
In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "uprobes" vma xoladdvma maps the uninitialized page allocated by createxolarea into userspace. On some architectures x86 this memory is readable even without VMREAD, VMEXEC results in the same...
kernel: net: inet: do not leave a dangling sk pointer in inet_create()
In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inetcreate sockinitdata attaches the allocated sk object to the provided sock object. If inetcreate fails later, the sk object is freed, but the sock object retains the dangling...
Siemens APOGEE PXC+TALON TC Series 安全漏洞
Siemens APOGEE PXC+TALON TC Series is a series of core controllers for building automation systems from Siemens Germany. A denial of service vulnerability exists in the Siemens APOGEE PXC+TALON TC Series, which can be exploited by an attacker to cause a denial of service due to an unsolicited...
DEBIAN-CVE-2025-37852
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpucgscreatedevice errors in amdpowerplaycreate Add error handling to propagate amdgpucgscreatedevice failures to the caller. When amdgpucgscreatedevice fails, release hwmgr and return -ENOMEM to prevent nul...
UBUNTU-CVE-2025-37852
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: handle amdgpucgscreatedevice errors in amdpowerplaycreate Add error handling to propagate amdgpucgscreatedevice failures to the caller. When amdgpucgscreatedevice fails, release hwmgr and return -ENOMEM to prevent nul...
CVE-2025-40623
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘Sender’ and...
GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization
Impact It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...
Cross-site Scripting (XSS)
Overview org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the plugins and API Browser. An attacker with the FILESCREATE permission can upload and execute arbitrary Javascript, leading to unauthorized action...
Malicious code in create-krnl-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 211459e94c3ff6a3713ee7a8327fdef67b1eaac62530f22c658dad263fa901db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3680 Malicious code in create-krnl-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 211459e94c3ff6a3713ee7a8327fdef67b1eaac62530f22c658dad263fa901db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Configure Audit Rules for File Access Failures
System calls, such as open, truncate, ftruncate, create and openat, are audited and monitored. If the -EACCES or -EPERM error is returned, you lack the permission to access the files. In this case, audit logs need to be recorded. File access failures due to a lack of proper permissions are common...
Tcman Gim SQL注入漏洞
Tcman Gim is a facility management software from the Spanish company Tcman designed for use on mobile devices. A SQL injection vulnerability exists in Tcman Gim version v11, which stems from an SQL injection in the createNotificationAndroid endpoint Sender and email parameters...
UBUNTU-CVE-2022-49811
In the Linux kernel, the following vulnerability has been resolved: drbd: use after free in drbdcreatedevice The drbddestroyconnection frees the "connection" so use the safe iterator to prevent a use after free...
PT-2025-18522 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential null pointer dereference issue has been identified in the Linux kernel, specifically in the lan966x stats init function. This function calls create singlethread workqueue...
PT-2025-18528 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the drbd create device function. The drbd destroy connection function frees the connection, and to prevent this issue, the safe iterator...
glibc security update
2.28-251.0.3.16 - Forward port of Oracle patches Reviewed-by: Elena Zannoni Oracle history: March-26-2025 Cupertino Miranda - 2.28-251.0.3.14 - OraBug: 36625686 Add MTE support on string functions Reviewed-by: Jose E. Marchesi March-17-2025 Cupertino Miranda - 2.28-251.0.2.14 - Forward port of...
CVE-2024-41446
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
PLANET UNI-NMS-Lite 信任管理问题漏洞
Planet UNI-NMS-Lite is a universal network management system from PLANET China that monitors all deployed wired or wireless PoE industrial grade network devices. Planet UNI-NMS-Lite is vulnerable to a trust management issue that can be exploited by an attacker to submit a special request that can...
SUSE CVE-2025-22115
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block group refcount race in btrfscreatependingblockgroups Block group creation is done in two phases, which results in a slightly unintuitive property: a block group can be allocated/deallocated from after...