
3101 matches found

Debian CVE
added 2025/02/26 1:56 a.m. · 9 views

CVE-2022-49274

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix crash when mount with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. RIP: 0010:ocfs2_qinfo_lock_res_init+0x44/0x50 ocfs2 Call Trace: ocfs2_local_read_info+0xb9/0x6f0 ocfs2...

CVSS 5.5 · AI score 5.6 · EPSS 0.00239
Exploits: 0
CNNVD
added 2025/02/26 12:0 a.m. · 5 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the iolatency_pd_offline function decreasing the enabled counter when the queue is not frozen, resulting in an...

CVSS 5.5 · AI score 5.5 · EPSS 0.00247
Exploits: 0 · References: 8
0day.today
added 2025/02/24 12:0 a.m. · 433 views

Exim 4.98 SQL Injection Vulnerability

Exim versions 4.98 before 4.98.1 suffer from a remote SQL injection vulnerability. CVE 2025-26794 - Sat, 08 Feb 2025 21:14:37 +0100: reported - by: "Oscar Bataille" - to: email protected - Sun, 9 Feb 2025 00:00:05 +0100: report confirmed - Tue, 11 Feb 2025 00:23:34 +0100: issue confirmed - Tue, 1...

CVSS 7.5 · AI score 8.1 · EPSS 0.75782
Exploits: 6
Vulnrichment
added 2025/02/20 3:40 a.m. · 16 views

CVE-2024-49355 IBM OpenPages log manipulation

IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...

CVSS 5.3 · AI score 5.8 · EPSS 0.00253
Exploits: 0 · References: 1
CVE
added 2025/02/18 6:27 p.m. · 3588 views

CVE-2025-26465

The CVE-2025-26465 issue affects OpenSSH when VerifyHostKeyDNS is enabled. A remote attacker could perform a MITM impersonation by abusing error-code handling during host-key verification, with success contingent on exhausting the client’s memory resources. Affected context is OpenSSH implementat...

CVSS 6.8 · AI score 6.7 · EPSS 0.06997
Exploits: 4 · References: 26 · Affected Software: 1
SUSE CVE
added 2025/02/14 6:58 a.m. · 2 views

SUSE CVE-2023-3090

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We...

CVSS 7.8 · AI score 6.6 · EPSS 0.00504
Exploits: 1 · References: 55
Positive Technologies
added 2025/02/14 12:0 a.m. · 3 views

PT-2025-7060 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.15 Description: eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, includi...

CVSS 8.8 · AI score 6.2 · EPSS 0.00448
Exploits: 0 · References: 10
RedhatCVE
added 2025/02/13 2:12 a.m. · 5 views

CVE-2025-23189

Due to missing authorization check in an RFC enabled function module in transaction SDCCN, an authenticated attacker could generate technical meta-data. This leads to a low impact on integrity. There is no impact on confidentiality or availability...

CVSS 4.3 · AI score 6.6 · EPSS 0.00225
Exploits: 0 · References: 1
Microsoft KB
added 2025/02/11 8:0 a.m. · 71 views

February 11, 2025—KB5052042 (Monthly Rollup)

February 11, 2025—KB5052042 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

CVSS 8.8 · AI score 7 · EPSS 0.21804
Exploits: 2
NVD
added 2025/02/11 1:15 a.m. · 4 views

CVE-2025-23190

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVSS 4.3 · EPSS 0.00239
Exploits: 0 · References: 2
Cvelist
added 2025/02/11 12:35 a.m. · 9 views

CVE-2025-23190 Missing Authorization check in SAP NetWeaver and ABAP platform (ST-PI)

Due to missing authorization check, an authenticated attacker could call a remote-enabled function module which allows them to access data that they would otherwise not have access to. The attacker cannot modify data or impact the availability of the system...

CVSS 4.3 · EPSS 0.00239
Exploits: 0 · References: 2
RedHat Linux
added 2025/02/10 1:6 a.m. · 3 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes (which defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...

CVSS 9.1 · AI score 5.8 · EPSS 0.00492
Exploits: 0 · References: 6
RedHat Linux
added 2025/02/10 1:6 a.m. · 5 views

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recv_bytes (which defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (the default), Waitress won't read any more requests, and when th...

CVSS 9.1 · AI score 5.8 · EPSS 0.00492
Exploits: 0 · References: 6
OpenVAS
added 2025/02/10 12:0 a.m. · 9 views

WordPress File Manager Plugin < 6.5 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webdesi9:filemanager"; if description...

CVSS 7.5 · AI score 6.9 · EPSS 0.16327
Exploits: 2 · References: 1
OSV
added 2025/02/09 12:15 p.m. · 3 views

DEBIAN-CVE-2024-57949

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity irq_get_desc_lock raw_spin_lock_irqsave --- Disable...

CVSS 5.5 · AI score 5.6 · EPSS 0.00174
Exploits: 0 · References: 1
Vulnrichment
added 2025/02/09 11:37 a.m. · 2 views

CVE-2024-57949 irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity irq_get_desc_lock raw_spin_lock_irqsave --- Disable...

AI score 7.7 · EPSS 0.00174
Exploits: 0 · References: 4
CNNVD
added 2025/02/09 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from enabling interrupts in the its_irq_set_vcpu_affinity function...

CVSS 5.5 · AI score 6.6 · EPSS 0.00174
Exploits: 0 · References: 6
RedhatCVE
added 2025/02/06 4:48 a.m. · 15 views

CVE-2021-37859

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost...

CVSS 7.1 · AI score 6.2 · EPSS 0.03288
Exploits: 0 · References: 1
CNNVD
added 2025/02/06 12:0 a.m. · 3 views

2N OS security vulnerability

2N OS is an operating system for access control systems from 2N. A security vulnerability exists in 2N OS that stems from an unfiltered authentication token when logging is enabled. An attacker could exploit the vulnerability to obtain a valid token...

CVSS 4.3 · AI score 6.8 · EPSS 0.00332
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 8:51 p.m. · 6 views

CVE-2022-28194

NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker with elevated privileges can cause a memory buffer overflow, which may lead to code execution, loss of Integrity, limited denial of service, and some impact to...

CVSS 7.3 · AI score 7 · EPSS 0.003
Exploits: 0 · References: 1