7993 matches found
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.6.0 of dify, which stems from the authentication mechanism returning different error messages for non-existing and existing accounts, potentially leading to an...
CVE-2025-61301
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...
EUVD-2022-55000
In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem is still the same -- asix_read_cmd reads less bytes, than was requested by caller. Since all read requests are...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987683)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987683 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference ...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987703)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987703 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset...
EUVD-2025-35111
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a migration operation competing with a fallocating hole that could cause folio to remain mapped without bein...
RockyLinux 10 : kernel (RLSA-2025:17776)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:17776 advisory. kernel: HID: core: Harden s32ton against conversion to 0 bits CVE-2025-38556 kernel: wifi: ath12k: Decrement TID on RX peer frag setup error handling...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the login process. An attacker can determine the existence of user accounts by analyzing differences in error messages presented during authentication attempts. Remediation Upgrade ibexa/user to version 5.0.3 or...
ibexa/user login enumerates user accounts
Impact In v5, error messages could provide enough information to tell whether a user exists or not. This is resolved by ensuring the error messages are sufficiently ambiguous. Patches See "Patched versions". Workarounds None. Resources...
JLSEC-2025-80 An issue was discovered in libxml2 before 2.10.4
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : FFmpeg vulnerabilities (USN-7823-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7823-1 advisory. It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could...
MediaTek Chipsets security vulnerability
MediaTek Chipsets is a series of chips from China's MediaTek Corporation. A security vulnerability exists in MediaTek Chipsets that stems from incorrect boundary checking, which could result in out-of-bounds writes and could lead to local elevation of privilege if a malicious attacker ha...
MediaTek Chipsets security vulnerability
MediaTek Chipsets is a series of chips from China's MediaTek Corporation. A security vulnerability exists in MediaTek Chipsets that stems from incorrect boundary checking, which could result in out-of-bounds writes and could lead to local elevation of privilege if a malicious attacker ha...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized acpi_gpio_info structure, which could lead to driver errors...
ROS-20251008-07
Vulnerabilities The Go programming language vulnerability is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
SUSE CVE-2022-50519
In the Linux kernel, the following vulnerability has been resolved: nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure If creation or finalization of a checkpoint fails due to anomalies in the checkpoint metadata on disk, a kernel warning is generated. This patch replaces th...
CVE-2022-50538
In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fake_init In fake_init, root_device_register is possible to fail but it's ignored, which can cause unregistering vme_root fail when exit. general protection fault, probably for non-canonical address...