2466 matches found

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID. An error case exit from lpfc_cmpl_ct_cmd_gft_id results in a call to lpfc_nlp_put with a null pointer to a nodelist structure. Changed lpfc_cmpl_ct_cmd_gft_id to...

CVSS 5.5 · AI score 6.7 · EPSS 0.00013
Exploits 0 · References 5

RedHat Linux
added 2023/05/09 10:4 a.m. · 1 view

kernel: rxrpc: fix a race in rxrpc_exit_net()

In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix a race in rxrpc_exit_net(). Current code can lead to the following race: CPU0: rxrpc_exit_net(); CPU1: rxrpc_peer_keepalive_worker(), if (rxnet->live); CPU0: rxnet->live = false; del_timer_sync(&rxnet->peer_keepalive_timer);...

CVSS 7.8 · AI score 6.3 · EPSS 0.00022
Exploits 0 · References 5

RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: block: Fix possible memory leak for rq_wb on add_disk failure

In the Linux kernel, the following vulnerability has been resolved: block: Fix possible memory leak for rq_wb on add_disk failure. kmemleak reported memory leaks in device_add_disk(): kmemleak: 3 new suspected memory leaks; unreferenced object 0xffff88800f420800 (size 512): comm "modprobe", pid 4275, jiffi...

CVSS 5.5 · AI score 6.3 · EPSS 0.00076
Exploits 0 · References 5

RedHat Linux
added 2023/05/09 10:1 a.m. · 3 views

kernel: KVM: nVMX: missing IBPB when exiting from nested guest can lead to Spectre v2 attacks

A flaw was found in KVM's Intel nested virtualization feature (nVMX). Since L1 and L2 shared branch prediction modes (guest-user and guest-kernel), KVM did not protect indirect branches in L1 from steering by a malicious agent in L2. This could allow a malicious nested guest to carry out Spectre ...

CVSS 8.8 · AI score 6.6 · EPSS 0.00033
Exploits 0 · References 4

Positive Technologies
added 2023/05/09 12:0 a.m. · 3 views

PT-2025-18619 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak issue has been identified in the Linux kernel. The problem occurs when the device_add_disk function fails, causing memory allocated in wbt_enable_default to not be...

CVSS 8.8 · AI score 7 · EPSS 0.0088
Exploits 17 · References 688

Tenable Nessus
added 2023/05/04 12:0 a.m. · 25 views

Amazon Linux AMI : openldap (ALAS-2023-1741)

The version of openldap installed on the remote host is prior to 2.4.40-16.36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1741 advisory. An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and...

CVSS 7.5 · AI score 6.7 · EPSS 0.7152
Exploits 1 · References 26

OSV
added 2023/04/27 2:7 p.m. · 4 views

SUSE-SU-2023:0868-2 Security update for python3

This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to...

CVSS 7.5 · AI score 7.7 · EPSS 0.01445
Exploits 3 · References 4

BDU FSTEC
added 2023/04/12 12:0 a.m. · 1 view

The vulnerability of the Undertow web server, related to executing a loop with an unavailable exit condition, allows attackers to cause a service failure.

The vulnerability of the Undertow web server relates to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.5 · AI score 7.4 · EPSS 0.00567
Exploits 0 · References 2 · Affected Software 4

RedhatCVE
added 2023/04/10 6:29 a.m. · 25 views

CVE-2023-28866

An out-of-bounds (OOB) memory access flaw was found in net/bluetooth/hci_sync.c due to a missing exit patch while in loop in amp_init1[] and amp_init2[]. This issue could allow an attacker to leak internal kernel information. Mitigation: Mitigation for this issue is either not available or the currently...

CVSS 5.3 · AI score 5.3 · EPSS 0.00032
Exploits 0 · References 6

Positive Technologies
added 2023/04/10 12:0 a.m. · 4 views

PT-2023-20847 · Unknown · Delight Nashorn Sandbox

Name of the Vulnerable Software and Affected Versions: delight-nashorn-sandbox versions 0.2.4 through 0.2.5. Description: The issue allows for sandbox escape when allowExitFunctions is set to false. The loadWithNewGlobal function can be used to invoke the exit and quit methods, leading to the exit...

CVSS 7.2 · AI score 7.3 · EPSS 0.00661
Exploits 1 · References 7

CNNVD
added 2023/04/10 12:0 a.m. · 3 views

Delight Nashorn Sandbox injection vulnerability

Delight Nashorn Sandbox is a Java Delight open source sandbox for executing JavaScript in Java using Nashorn. A security vulnerability exists in Delight Nashorn Sandbox versions 0.2.4 and 0.2.5. An attacker exploiting this vulnerability can exit a Java process by calling the exit and quit methods usi...

CVSS 7.2 · AI score 7 · EPSS 0.00661
Exploits 1 · References 2

Cvelist
added 2023/04/10 12:0 a.m. · 16 views

CVE-2023-26919

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process...

AI score 7.2 · EPSS 0.00661
Exploits 1 · References 1

Vulnrichment
added 2023/04/10 12:0 a.m. · 9 views

CVE-2023-26919

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process...

AI score 7 · EPSS 0.00661
Exploits 1 · References 1

NVD
added 2023/04/08 5:15 p.m. · 10 views

CVE-2013-10024

A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...

CVSS 7.5 · AI score 4.9 · EPSS 0.00691
Exploits 0 · References 3

NVD
added 2023/04/08 5:15 p.m. · 8 views

CVE-2013-10025

A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpage_admin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...

CVSS 8.8 · AI score 5.6 · EPSS 0.00165
Exploits 0 · References 3

Prion
added 2023/04/08 5:15 p.m. · 16 views

Cross-site request forgery (CSRF)

A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpage_admin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...

CVSS 6.8 · AI score 6.9 · EPSS 0.00165
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/04/08 5:15 p.m. · 20 views

Information disclosure

A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...

CVSS 5 · AI score 6.8 · EPSS 0.00691
Exploits 0 · References 3 · Affected Software 1

CVE
added 2023/04/08 5:0 p.m. · 58 views

CVE-2013-10025

CVE-2013-10025 refers to a CSRF vulnerability in the Exit Strategy Plugin for WordPress, specifically the function exitpage_admin in exitpage.php. The issue affects version 1.55 and is exploitable remotely. Upgrading to version 1.59 removes the vulnerability; the patch is identified as d964b8e961...

CVSS 8.8 · AI score 6.4 · EPSS 0.00165
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/04/08 5:0 p.m. · 15 views

CVE-2013-10025 Exit Strategy Plugin exitpage.php exitpage_admin cross-site request forgery

A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpage_admin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...

CVSS 5 · AI score 8.7 · EPSS 0.00165
Exploits 0 · References 3

Vulnrichment
added 2023/04/08 5:0 p.m. · 4 views

CVE-2013-10024 Exit Strategy Plugin exitpage.php information disclosure

A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...

CVSS 4 · AI score 6.6 · EPSS 0.00691
Exploits 0 · References 3