271 matches found
CVE-2025-37872
In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbeprobe error path When txgbeswinit is called, memory is allocated for wx-rsskey in wxinitrsskey. However, in txgbeprobe function, the subsequent error paths after txgbeswinit don't free the...
CVE-2025-46815
The identity infrastructure software ZITADEL offers developers the ability to manage user sessions using the Session API. This API enables the use of IdPs for authentication, known as idp intents. Following a successful idp intent, the client receives an id and token on a predefined URI. These id...
CVE-2024-11142
Cross-Site Request Forgery CSRF vulnerability in Gosoft Software Proticaret E-Commerce allows Cross Site Request Forgery. This issue affects Proticaret E-Commerce: before v6.0 NOTE: According to the vendor, fixing process is still ongoing for v4.05...
PT-2025-18629
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the btrfs qgroup self tests. The issue occurred in the test no shared qgroup and test multiple refs tests, where if...
Security Bulletin: IBM Spectrum Protect Plus vulnerability discloses sensitive information due to unencrypted data in transit (CVE-2020-4497)
Summary IBM Spectrum Protect Plus does not encrypt data transfer between vSnap servers and application agents. This could allow an attacker to view senstive information in transit. Vulnerability Details CVEID:CVE-2020-4497 DESCRIPTION: IBM Spectrum Protect Plus discloses sensitive information due...
Security Bulletin: XSS vulnerability affects IBM Cloud Object Storage System (CVE-2021-39014)
Summary XSS vulnerability affects IBM Cloud Object Storage System CVE-2021-39014. This vulnerability has been addressed in the latest ClevOS releases. Vulnerability Details CVEID:CVE-2021-39014 DESCRIPTION: IBM Cloud Object System is vulnerable to stored cross-site scripting. This vulnerability...
CVE-2025-21899 tracing: Fix bad hist from corrupting named_triggers list
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix bad hist from corrupting namedtriggers list The following commands causes a crash: cd /sys/kernel/tracing/events/rcu/rcucallback echo 'hist:name=bad:keys=commonpid:onmaxbogus.savecommonpid' trigger bash: echo: write...
Security Bulletin: Denial of service vulnerability in IBM WebSphere Application Server Liberty may affect IBM Storage Protect Operations Center (CVE-2024-40094).
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by failure to consider ExecutableNormalizedFields in Open-source GraphQL Java library used by IBM WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-40094 DESCRIPTION: GraphQL Java ak...
CVE-2025-21832 block: don't revert iter for -EIOCBQUEUED
In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdevreaditer has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero where bigger than makes more sense, and not...
CVE-2025-21827
The CVE-2025-21827 entry is supported by connected sources describing a Linux kernel Bluetooth issue: Mediatek btusb lacked proper locking around usb_driver_claim_interface(), risking a NULL pointer dereference or an "Failed to claim iso interface" error when the code runs via the hci0 path durin...
Linux Distros Unpatched Vulnerability : CVE-2017-5443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9,...
Linux Distros Unpatched Vulnerability : CVE-2018-14953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mail message display page in SquirrelMail through 1.4.22 has XSS via a math xlink:href= attack. CVE-2018-14953 Note that Nessus relies on the presence of th...
Linux Distros Unpatched Vulnerability : CVE-2011-3637
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mstop function in fs/proc/taskmmu.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service OOPS via vectors that trigger an mstar...
CVE-2024-57986
CVE-2024-57986 – Linux kernel HID core issue : The vulnerability stems from HID core handling of Resolution Multipliers. The code assumes each Resolution Multiplier control resides in a Logical Collection; if none is found, multiplier_collection could be non-NULL, risking misapplied multipliers o...
CVE-2022-49503
In the Linux kernel, the following vulnerability has been resolved: ath9khtc: fix potential out of bounds access with invalid rxstatus-rskeyix The "rxstatus-rskeyix" eventually gets passed to testbit so we need to ensure that it is within the bitmap. drivers/net/wireless/ath/ath9k/common.c:46...
CVE-2022-49307 tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
In the Linux kernel, the following vulnerability has been resolved: tty: synclinkgt: Fix null-pointer-dereference in slgtclean When the driver fails at allochdlcdev, and then we remove the driver module, we will get the following splat: 25.065966 general protection fault, probably for non-canonic...
CVE-2022-49274
CVE-2022-49274 concerns an ocfs2 quota crash when mounting with quotas enabled in the Linux kernel. The connected Astra Linux entry reproduces the issue and provides the same symptom set and stack trace context. The root cause is that during dqi_gqlock initialization, the related dqi_type and dqi...
CVE-2022-49086
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while...
CVE-2024-57949 irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in itsirqsetvcpuaffinity The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irqsetvcpuaffinity irqgetdesclock rawspinlockirqsave --- Disable...
CVE-2024-45340
Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the users .netrc file...