1269 matches found
DEBIAN-CVE-2025-22036
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after getblock When getblock is called with a bufferhead allocated on the stack, such as dompagereadpage, stack corruption due to bufferhead UAF may occur in the following race condition...
kernel: igb: Fix string truncation warnings in igb_set_fw_version
In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igbsetfwversion Commit 1978d3ead82c "intel: fix string truncation warnings" fixes '-Wformat-truncation=' warnings in igbmain.c by using kasprintf...
p5-Crypt-CBC -- Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Lib-Crypt-CBC project reports: Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case...
Yii does not prevent XSS in scenarios where fallback error renderer is used
Impact Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Patches Upgrade yiisoft/yii to version 1.1.31 or higher. References - Git commit If you have any questions or comments about this advisory, contact us through...
GHSA-7R2V-8WXR-3CH5 Yii does not prevent XSS in scenarios where fallback error renderer is used
Impact Affected versions of yiisoft/yii are vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Patches Upgrade yiisoft/yii to version 1.1.31 or higher. References - Git commit If you have any questions or comments about this advisory, contact us through...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the fallback error renderer. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the input that is reflected in error messages. Note: This is only exploitable ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a problem when fuse falls back to readaheadfolio for pre-reading...
Unsafe `Deserialization` in `JsonPickleSerializer` Enables Remote Code Execution
Description A critical deserialization vulnerability exists in the llamaindex library’s JsonPickleSerializer component, enabling remote code execution RCE due to an insecure fallback to Python’s pickle module. When deserializing untrusted data, JsonPickleSerializer prioritizes pickle.loads, which...
DEBIAN-CVE-2024-6827
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
UBUNTU-CVE-2024-6827
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
Asio C++ Library lacks a fallback error code in the case of SSL_ERROR_SYSCALL
...
SUSE CVE-2025-1828
Crypt::Random Perl package 1.05 through 1.55 may use rand function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon egd service is not available Crypt::Random will default to use the insecure...
Linux Distros Unpatched Vulnerability : CVE-2023-31124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cros...
Linux Distros Unpatched Vulnerability : CVE-2022-48721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/smc: Forward wakeup to smc socket waitqueue after fallback When we replace TCP with SMC and a fallback occurs, there may be some socket waitqueue entries...
SUSE CVE-2022-49260
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misuse the private context memory. The aead soft crypto occasionally casues the OS panic as setting the 64K page. Here is fix it...
DEBIAN-CVE-2025-21722
In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported by syzbot that occurs when...
CVE-2025-21722 nilfs2: do not force clear folio if buffer is referenced
In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported by syzbot that occurs when...
CVE-2025-21722
CVE-2025-21722 concerns the NILFS2 filesystem in the Linux kernel. When filesystem corruption triggers a read-only fallback, buffer state inconsistencies can occur: one path is when mark_buffer_dirty() marks data/metadata dirty but the buffer isn’t uptodate, and another path is nilfs_btree_propag...
CVE-2025-21722
In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported by syzbot that occurs when...
CVE-2025-21722 nilfs2: do not force clear folio if buffer is referenced
In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not force clear folio if buffer is referenced Patch series "nilfs2: protect busy buffer heads from being force-cleared". This series fixes the buffer head state inconsistency issues reported by syzbot that occurs when...