CVE-2022-50582 regulator: core: Prevent integer underflow

In the Linux kernel, the following vulnerability has been resolved: regulator: core: Prevent integer underflow By using a ratio of delay to pollenabledtime that is not integer timeremaining underflows and does not exit the loop as expected. As delay could be derived from DT and pollenabledtime is...

CVE-2025-62773

Mercku M6a devices through 2.1.0 allow TELNET sessions via a router.telnet.enabled.update request by an administrator...

Mercku M6a 安全漏洞

Mercku M6a is a WiFi router from Mercku USA. A security vulnerability exists in Mercku M6a version 2.1.0 and earlier, which originates from an administrator being able to enable TELNET sessions via a router.telnet.enabled.update request...

NeuVector telemetry sender is vulnerable to MITM and DoS

Impact This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...

EUVD-2022-54694

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smpprocessorid in preemptible code: systemd-udevd/31711 kernel: caller is lpfcupdatecmfcmd+0x214/0x420 lpfc kerne...

UBUNTU-CVE-2025-11679

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

CVE-2025-11679

Out-of-bounds Read in lwsupngemitnextline in warmcat libwebsockets allows, when the LWSWITHUPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...

CVE-2025-62425

MAS Matrix Authentication Service is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

CVE-2025-20350

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow...

CVE-2025-58778

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure,...

EUVD-2025-34713

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure,...

Ruijie RG-EST300 安全漏洞

The Ruijie RG-EST300 is a wireless bridge device from Ruijie, China. A security vulnerability exists in the Ruijie RG-EST300 that stems from the SSH server feature not being documented in the manual and enabled in the initial configuration, which could lead to information disclosure, system...

CVE-2025-20351

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web ...

CVE-2025-20351

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web ...

CVE-2025-20350

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow...

CVE-2025-41430

CVE-2025-41430 affects BIG-IP SSL Orchestrator. When enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate, enabling a remote unauthenticated DoS on the BIG-IP system. Affected versions include BIG-IP SSL Orchestrator 16.1.0–16.1.3, 17.x prior to 17.5.1/17.1...

CVE-2025-55036

CVE-2025-55036 affects F5 BIG-IP SSL Orchestrator. When an explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic can trigger a memory corruption in the Explicit Forward Proxy component, leading to degraded performance or a DoS via T...

Apache Spark has Inadequate Encryption Strength

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks

This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true it is set to false by default, but...

Cisco TelePresence Collaboration Endpoint Software 日志信息泄露漏洞

Cisco TelePresence Collaboration Endpoint Software is a suite of collaboration endpoint software from Cisco. A log information disclosure vulnerability exists in Cisco TelePresence Collaboration Endpoint Software, which stems from unencrypted credentials being stored when logging is enabled for t...