SUSE SLES15 Security Update : kernel (SUSE-SU-2025:01633-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01633-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: ...

CVE-2006-7000

Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to 1 email/mail.php, 2 includes/init.php, 3 certain files in includes/cron/, and 4 jpgraph.php, 5 jpgraphbar.php, 6 jpgraphpie.php, and 7 jpgraphpie3d.php in includes/graph/, which leaks the path in...

SUSE CVE-2025-37990

In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmfusbdlwriteimage The function brcmfusbdlwriteimage calls the function brcmfusbdlcmd but dose not check its return value. The 'state.state' and the 'state.bytes' are uninitialized ...

CVE-2025-37931

In the Linux kernel, the following vulnerability has been resolved: btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty bloc...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unaligned vmemmap start address in the book3s64/radix module, which could lead to memory management error...

PT-2025-22170 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been identified where the slab-obj exts is not properly cleaned up when memory allocation profiling is disabled, leading to potential errors such as "Ba...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked return value of the inftlreadoob function, which could lead to a processing error...

The vulnerability of the Cisco Application Policy Infrastructure Controller, related to synchronization errors when using shared resources, allows a perpetrator to trigger a service failure.

The vulnerability of the Cisco Application Policy Infrastructure Controller, a component of the information infrastructure management tool, is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to cause service failures...

PT-2025-21767 · Imagination Technologies · Graphics Ddk

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue allows software installed and run as a non-privileged user to conduct improper GPU system calls, potentially triggering use-after-free kernel exceptions. Recommendations: At the...

Security update for open-vm-tools

This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: CVE-2025-22247: Fixed Insecure file handling bsc1243106 Other fixes: Fixed GCC 15 compile time error bsc1241938 Fix building with containerd 1.7.25+ bsc1237147 Full changelog:...

Information Disclosure

oxid-esales/oxideshop-ce is vulnerable to information disclosure. The vulnerability is due to improper error handling and also Smarty syntax errors in CMS pages that may allow an attacker to access user information...

Forensics of Error Rates of Quantum Hardware

There has been a rise in third-party cloud providers offering quantum hardware as a service to improve performance at lower cost. Although these providers provide flexibility to the users to choose from several qubit technologies, quantum hardware, and coupling maps; the actual execution of the...

The vulnerability of the client_hdev() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the clienthdev function in the Linux operating system is related to memory management errors after memory is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-47287

Summary: CVE-2025-47287 affects Tornado (Python Tornado) where the multipart/form-data parser can log an excessive amount of messages and continue parsing, causing a DoS due to synchronous logging. All versions prior to 6.5.0 are affected; a patch is available in Tornado 6.5.0/6.50. Affects: Torn...

The vulnerability of operating systems iPadOS and iOS, related to access control errors, allows attackers to disclose confidential information.

The vulnerability of iPadOS and iOS operating systems is related to access control errors. Exploiting this vulnerability can allow a malicious actor to disclose confidential information by connecting to the device...

Python 资源管理错误漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. Python suffers from a resource management error vulnerability that stems from improper error handling when using...

The vulnerability of the MS-EVEN protocol implementation (EventLog Remoting Protocol) in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the MS-EVEN protocol EventLog Remoting Protocol for Windows operating systems is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

Data Corruption

org.eclipse.jetty:jetty-server is vulnerable to Data Corruption. The vulnerability is due to improper buffer management caused by the incorrect release of a buffer when handling gzip errors during request body inflation, allows attackers to access sensitive data from other requests...

Alibaba Cloud Linux 3 : 0107: libXpm (ALINUX3-SA-2024:0107)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-43788: A vulnerability was found ...

The vulnerability of embedded software developed by Qualcomm, related to synchronization errors when using common resources (“Race Situation”), allows a violator to trigger a service failure.

The vulnerability of embedded Qualcomm software programs is related to synchronization errors when using a common resource “Race Situation”. Exploiting this vulnerability can allow an attacker to cause a service failure...