Vulnerability of the felix_setup_mmio_filtering() function in the drivers/net/dsa/ocelot/felix.c module – a driver for supporting DSA cores in the Linux operating system, which allows an attacker to cause a service failure.
Vulnerability of the felix_setup_mmio_filtering() function in the drivers/net/dsa/ocelot/felix.c module – The DSA kernel support driver for the Linux operating system is vulnerable to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...
OESA-2025-1339 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock. radix_lock shouldn't be held while holding dma_hash_entry[idx].lock; otherwise, there's a possible deadlock scenario wh...
CVE-2025-24808
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
USN-7387-3: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Securing Video Contribution Feeds with Akamai’s Distributed Cloud & CDN
...
BIT-DISCOURSE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
Oracle Linux 9 : nginx:1.22 (ELSA-2025-3261)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-3261 advisory. - Resolves: RHEL-84486 - nginx:1.22/nginx: specially crafted MP4 file may cause denial of service CVE-2024-7347 - Resolves: RHEL-12737 - nginx:1.22/nginx: HTTP/...
CVE-2025-24808 Discourse has race condition when adding users to a group DM
Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel. The requests might all go through ignoring the limit due...
Why AI Inference is Driving the Shift from Centralized to Distributed Cloud Computing
...
PT-2025-12890 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.3.4 on the stable branch and prior to 3.4.0.beta5 on the beta branch Description: The issue affects an open-source discussion platform, where a race condition allows someone about to reach the user limit in a gro...
Distributed Cloud Solutions and AI: Key Findings from Forrester's 2024 Study
...
CVE-2024-9052
A flaw was found in the vLLM distributed training API. This vulnerability allows remote code execution via unsafe deserialization, which uses pickle.loads without sanitization...
SnailJob Code Issue Vulnerability
SnailJob is a flexible, reliable and efficient distributed task retrying and task scheduling platform from aizuda open source. A code issue vulnerability exists in SnailJob version 1.4.0, which stems from a deserialization vulnerability...
GHSA-XQGJ-R6XV-9CW4 Withdrawn Advisory: Dask Vulnerable to Command Injection
Withdrawn Advisory: This advisory has been withdrawn because it describes intended functionality. This link is maintained to preserve external references. Original Description: Dask versions =2024.8.2 contain a vulnerability in the Dask Distributed Server where the use of pickle serialization allow...
CVE-2024-9052
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-10096
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2024-9052
Summary: CVE-2024-9052 relates to a deserialization flaw in the vLLM project’s distributed training API. The issue enables remote code execution via unsafe deserialization of object bytes using pickle.loads() without sanitization, specifically within the vllm.distributed.GroupCoordinator.recv_obj...