1269 matches found
CVE-2021-36410
A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265...
curl: `Curl_socketpair()` fallback vulnerable to man-in-the-middle attack
In `Curl_socketpair()` in curl/lib/socketpair.c, if the operating system lacks a native socketpair function, libcurl will create its own pair of sockets. To do this, libcurl first creates a listening socket, then it creates a client socket, which it then connects to the listening socket. During the tim...
Function Call With Incorrect Order of Arguments
Overview: Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments due to the incorrect handling of the SECRET_KEY_FALLBACKS configuration. An attacker can exploit this to sign sessions with stale keys, potentially impeding the transition to fresher keys...
Flask uses fallback key instead of current signing key
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last (top) key in the list to be the most...
GHSA-4GRG-W6V8-C28G Flask uses fallback key instead of current signing key
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last (top) key in the list to be the most...
AZL-77831 CVE-2025-47278 affecting package python-flask 1.1.1-4
Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278
Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
CVE-2025-47278 Flask uses fallback key instead of current signing key
Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...
kernel: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
Incorrect mappings in vmap_pages_range_noflush in the Linux kernel may lead to memory corruption...
Flask security vulnerability
Flask is a Python microframework for building web applications open-sourced by Pallets. A security vulnerability exists in Flask version 3.1.0 that stems from mishandling of the key fallback configuration, which could result in session signing with an expired key...
PT-2025-20926 · Flask +1
Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.0 Description: The issue arises from the incorrect handling of fallback key configuration in Flask, where the last fallback key is used for signing instead of the current signing key. This is due to Flask constructing the...
SUSE CVE-2025-37870
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail. [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a...
DEBIAN-CVE-2025-37870
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail. [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a...
UBUNTU-CVE-2025-37870
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail. [Why] When link training fails, the phy clock will be disabled. However, in enable_streams, it is assumed that link training succeeded and the mux selects the phy clock, causing a...
Webex App for VDI not optimized
Webex App for VDI is working with fallback mode, instead of VDI-optimized mode...
SUSE CVE-2025-22036
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block. When get_block is called with a buffer_head allocated on the stack, such as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in the following race condition...
CBL Mariner 2.0 Security Update: coredns (CVE-2024-53259)
The version of coredns installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53259 advisory. - quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too...
AZL-62538 CVE-2025-22113 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying. Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, while ltp running stress...