Information Disclosure

oxid-esales/oxideshop-ce is vulnerable to information disclosure. The vulnerability is due to improper error handling and also Smarty syntax errors in CMS pages that may allow an attacker to access user information...

Forensics of Error Rates of Quantum Hardware

There has been a rise in third-party cloud providers offering quantum hardware as a service to improve performance at lower cost. Although these providers provide flexibility to the users to choose from several qubit technologies, quantum hardware, and coupling maps; the actual execution of the...

CVE-2025-47287

Summary: CVE-2025-47287 affects Tornado (Python Tornado) where the multipart/form-data parser can log an excessive amount of messages and continue parsing, causing a DoS due to synchronous logging. All versions prior to 6.5.0 are affected; a patch is available in Tornado 6.5.0/6.50. Affects: Torn...

Python 资源管理错误漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python suffers from a resource management error vulnerability that stems from improper error handling when using...

Data Corruption

org.eclipse.jetty:jetty-server is vulnerable to Data Corruption. The vulnerability is due to improper buffer management caused by the incorrect release of a buffer when handling gzip errors during request body inflation, allows attackers to access sensitive data from other requests...

Alibaba Cloud Linux 3 : 0107: libXpm (ALINUX3-SA-2024:0107)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-43788: A vulnerability was found ...

ROS-20250514-01

A vulnerability in the iiosimpledummytriggerh function of driver drivers/iio/dummy/iiosimpledummybuffer.c of the Linux kernel's IIO stub driver support is related to the use of an uninitialized resource. an uninitialized resource. Exploitation of the vulnerability could allow an attacker to gain...

CVE-2024-56526

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...

CVE-2024-56526

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...

kernel: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()

In the Linux kernel, the following vulnerability has been resolved: HID: amdsfh: Switch to device-managed dmamalloccoherent Using the device-managed version allows to simplify clean-up in probe error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory...

kernel: dm array: fix releasing a faulty array block twice in dm_array_cursor_end

In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dmarraycursorend When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller ...

kernel: ext4: don't set SB_RDONLY after filesystem errors

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SBRDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we were setting SBRDONLY flag to stop all filesystem modifications. We knew this misses proper locking sb-sumount and does no...

kernel: ovl: Filter invalid inodes with missing lookup function

In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovldentryweird function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause error...

kernel: drm/amdgpu: the warning dereferencing obj for nbio_v7_4

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbiov74 if rasmanager obj null, don't print NBIO err data...

Invalid login error is show when FAS is enabled on Rocky Linux 9.2

You deploy Rocky Linux 9.x FAS is configured and works fine on other OS like Windows, Ubuntu Issue is seen only with RHEL 9.x or Rocky Linux 9.x Invalid login prompt is thrown. Preauthentication errors are noticed in ctxkrb debug tool when installed for debug purposes on the Linux VDA...

DEBIAN-CVE-2025-37872

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbeprobe error path When txgbeswinit is called, memory is allocated for wx-rsskey in wxinitrsskey. However, in txgbeprobe function, the subsequent error paths after txgbeswinit don't free the...

CVE-2025-37837 iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent()

In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmamfreecoherent Two WARNINGs are observed when SMMU driver rolls back upon failure: arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed...

CVE-2025-37817 mcb: fix a double free bug in chameleon_parse_gdd()

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleonparsegdd In chameleonparsegdd, if mcbdeviceregister fails, 'mdev' would be released in mcbdeviceregister via putdevice. Thus, goto 'err' label and free 'mdev' again causes a double free. Jus...

sssd bug fix update

An update is available for sssd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon SSSD service provides a set of daemons to...

RLSA-2024:4237 Moderate: go-toolset security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/zip: Incorrect handling of certain ZIP files CVE-2024-24789 golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses CVE-2024-2479...