8277 matches found
CVE-2025-37756 net: tls: explicitly disallow disconnect
In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of unexpected corner cases. I have a vague recollection of Eric pointing this out to us a long time ago...
CVE-2025-37754
In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da "drm/i915/huc: track delayed HuC load with a fence", is registered with object tracker early on driver pro...
CVE-2025-37754 drm/i915/huc: Fix fence not released on early probe errors
In the Linux kernel, the following vulnerability has been resolved: drm/i915/huc: Fix fence not released on early probe errors HuC delayed loading fence, introduced with commit 27536e03271da "drm/i915/huc: track delayed HuC load with a fence", is registered with object tracker early on driver pro...
Citrix App Layering 2503: Elastic Layer Assignments Load Older Layer Version After ELM Upgrade
After upgrading the Enterprise Layer Manager (ELM) to version 2503, users continue to receive older versions of elastic layers on their virtual desktops, even after the elastic layer assignments have been updated to newer versions. Additional symptoms observed: New versions of App Layers are create...
PT-2025-18464 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the function dpu_plane_virtual_atomic_check in the Linux kernel, which was dereferencing pointers returned by drm_atomic_get_plane_state without checking for...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling reassigned nodes, which could lead to tree modification log errors...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mishandling of eventfd errors, which could lead to a resource leak...
PT-2025-18486 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically in the gfs2 module. The issue involves the sb_bsize_shift field, which can be corrupted, leading to messy mount erro...
PT-2025-18536
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been identified in the Linux kernel, specifically in the octeon_ep module. The problem occurs when unsupported dev and mbox init errors happen, causing the oct-co...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an integer overflow causing vmalloc to fail, potentially leading to a memory allocation failure...
CVE-2025-4037
A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. Local access is required to approach this attack. The exploit has been disclosed to the public and...
Kyverno security vulnerability
Kyverno is a policy engine designed for Kubernetes that is open sourced by Kyverno. A security vulnerability exists in Kyverno versions prior to 1.14.0 that stems from mishandling of namespace selector errors, which could lead to bypassing security policies...
ROS-20250430-13
A vulnerability in the HAProxy server software is related to bounds errors in the regsub function in src/sample.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
undertow: Large AJP request may cause DoS
A flaw was found in Undertow. AJP requests to the server may allow an attacker to send a malicious request and trigger server errors, resulting in a denial of service...
PT-2025-18115 · Unknown · Code-Projects Atm Banking
Name of the Vulnerable Software and Affected Versions: code-projects ATM Banking version 1.0 Description: A critical vulnerability was found in the code-projects ATM Banking software. The issue affects the moneyDeposit/moneyWithdraw function, leading to business logic errors. Local access is...
Ubuntu 18.04 LTS / 20.04 LTS : KiCad vulnerabilities (USN-7466-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7466-1 advisory. It was discovered that KiCad incorrectly handled memory when opening malicious files. An attacker could possibly use this issue to cause a...
PT-2025-29020
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.15.0-rc3+ and earlier. Description: The Linux kernel contains a flaw within the sun8i-ce-cipher module related to error handling in the sun8i_ce_cipher_prepare function. This issue manifests as two DMA cleanup problems ...
XML Entity Expansion (XEE)
org.apache.solr, solr-core is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to XML resource consumption caused by the use of XML DOCTYPE and ENTITY declarations, which allows an attacker to trigger excessive memory usage during XML parsing, leading to out-of-memory errors...
CVE-2025-1908 Business Logic Errors in GitLab
An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...