Red Hat Ansible Automation Platform 安全漏洞

Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for enabling strategic automation from Red Hat, USA. A security vulnerability exists in Red Hat Ansible Automation Platform that originates from exposing a WebSocket JSON web token in debug mode, which could lead to accessing...

Sensitive Information Disclosure

github.com/juju/juju is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /log endpoint allowing any authenticated user to read debug log messages, which may contain sensitive information, without requiring specific permissions...

KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

...

cifs: avoid NULL pointer dereference in dbg call

...

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

CVE-2025-38294

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler Currently, when ath12kmacassignviftovdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging, This is incorrect. In the fail...

CVE-2025-38294

The CVE-2025-38294 entry concerns the Linux kernel wifi driver ath12k. The vulnerability arises when ath12k_mac_assign_vif_to_vdev() fails, causing a NULL radio handle (ar) to be dereferenced during debug logging via arvif, which is invalid in fail scenarios where the radio handle is NULL. The fi...

GNU Binutils objdump debug.c debug_type_samep memory corruption

...

SUSE CVE-2025-38256

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T14 kernel BUG at mm/gup.c:71! 108.070502 T14 Internal error: Oops - BUG: 00000000f2000800 1 SMP 108.123672 T14 Hardware name: QEMU KVM...

CVE-2025-20325

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and...

CVE-2025-38256

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T14 kernel BUG at mm/gup.c:71! 108.070502 T14 Internal error: Oops - BUG: 00000000f2000800 1 SMP 108.123672 T14 Hardware name: QEMU KVM...

CVE-2025-38256 io_uring/rsrc: fix folio unpinning

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T14 kernel BUG at mm/gup.c:71! 108.070502 T14 Internal error: Oops - BUG: 00000000f2000800 1 SMP 108.123672 T14 Hardware name: QEMU KVM...

CVE-2025-38256 io_uring/rsrc: fix folio unpinning

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: fix folio unpinning syzbot complains about an unmapping failure: 108.070381 T14 kernel BUG at mm/gup.c:71! 108.070502 T14 Internal error: Oops - BUG: 00000000f2000800 1 SMP 108.123672 T14 Hardware name: QEMU KVM...

CVE-2025-7213 FNKvision FNK-GU2 UART Interface on-chip debug and test interface with improper access control

A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access control. It is possible to launch the attack on the physical...

Malicious code in oneapi-gdb-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6826b05948f6984052fc37700b503547ecb425474cd1e56c4b03926b8e2ffe4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-5714 Malicious code in oneapi-gdb-debug (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6826b05948f6984052fc37700b503547ecb425474cd1e56c4b03926b8e2ffe4c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

FNKvision FNK-GU2 安全漏洞

FNKvision FNK-GU2 is a camera from FNKvision Thailand. A security vulnerability exists in the FNKvision FNK-GU2 version 40.1.7 and earlier, which stems from improper access control of the UART interface and could lead to the on-chip debug and test interface being exploited...

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

CVE-2025-53512 Sensitive log retrieval in Juju

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...