3838 matches found

CNNVD
added 2025/07/08 12:0 a.m. · 1 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that results from a temporary denial of service when processing beacon frames with an invalid IE header length...

7.5 CVSS · 6.4 AI score · 0.00351 EPSS
Exploits: 0 · References: 1
RedHat Linux
added 2025/07/07 2:28 a.m. · 1 views

webkitgtk: UI spoofing while Visiting a website that frames malicious content

A vulnerability was found in webkitgtk, where an issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing...

6.1 CVSS · 5.7 AI score · 0.00378 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/07/07 12:0 a.m. · 3 views

PT-2025-28437 · Wlan · Wlan

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A transient Denial of Service (DoS) may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. Recommendations: At the moment, there is no...

7.8 CVSS · 6.2 AI score · 0.00454 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/07/01 12:0 a.m. · 3 views

PT-2025-33548

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's mwifiex driver related to the handling of disassociation frames when operating in concurrent Station (STA) and Access Point (AP) mode with host Machine...

8.5 CVSS · 7.5 AI score · 0.00554 EPSS
Exploits: 3 · References: 540
RedhatCVE
added 2025/06/23 8:38 a.m. · 4 views

CVE-2025-4821

Impact: Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5 CVSS · 7.9 AI score · 0.00833 EPSS
Exploits: 0 · References: 1
OSV
added 2025/06/20 1:26 p.m. · 2 views

OESA-2025-1659 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2...

7.5 CVSS · 6.9 AI score · 0.07819 EPSS
Exploits: 0 · References: 2
OSV
added 2025/06/18 4:15 p.m. · 4 views

CVE-2025-4820

Impact: Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

5.3 CVSS · 6.6 AI score
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/18 3:47 p.m. · 3 views

CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges

Impact: Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5 CVSS · 7.8 AI score · 0.00833 EPSS
Exploits: 0 · References: 1
CVE
added 2025/06/18 3:47 p.m. · 17 views

CVE-2025-4821

CVE-2025-4821 affects Cloudflare’s quiche (QUIC) prior to 0.24.4. The issue is “Incorrect congestion window growth” caused by processing invalid ACK ranges. An unauthenticated remote attacker can complete a handshake, initiate a congestion-controlled transfer, and send ACK frames covering a large...

7.5 CVSS · 7.8 AI score · 0.00833 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/06/18 3:47 p.m. · 6 views

CVE-2025-4821 Incorrect congestion window growth by invalid ACK ranges

Impact: Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

7.5 CVSS · 0.00833 EPSS
Exploits: 0 · References: 1
AstraLinux
added 2025/06/16 11:28 a.m. · 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw88: Use ieee80211_purge_tx_queue() to purge TX skb. When removing kernel modules using rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core, the driver uses skb_queue_purge() to purge TX skb, but does not report the TX...

7.8 CVSS · 6.5 AI score · 0.00013 EPSS
Exploits: 0 · References: 3
OSV
added 2025/06/10 10:15 a.m. · 1 views

CVE-2025-40659

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp...

7.5 CVSS · 5.7 AI score · 0.00272 EPSS
Exploits: 0 · References: 1
Packet Storm News
added 2025/06/09 12:0 a.m. · 4 views

"Vcd2df" -- Leveraging Data Science Insights for Hardware Security Research

In this work, we hope to expand the universe of security practitioners of open-source hardware by creating a bridge from hardware design languages (HDLs) to data science languages like Python and R through novel libraries that convert VCD (value change dump) files into data frames, the expected input...

7 AI score
Exploits: 0
Packet Storm News
added 2025/06/06 12:0 a.m. · 1 views

Wireshark Analyzer 4.4.7

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

7.8 CVSS · 6.6 AI score · 0.00138 EPSS
Exploits: 1
NVD
added 2025/06/03 6:15 a.m. · 17 views

CVE-2025-21463

Transient DOS while processing the EHT operation IE in the received beacon frame...

7.5 CVSS · 0.00351 EPSS
Exploits: 0 · References: 1
Packet Storm News
added 2025/05/30 12:0 a.m. · 4 views

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers

We present a study of how local frames (i.e., iframes with non-URL sources like "about:blank") are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack techniques they seek to protect against, including browser...

6.9 AI score
Exploits: 0
NVD
added 2025/05/29 2:15 p.m. · 9 views

CVE-2025-37993

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe. The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

5.5 CVSS · 0.00049 EPSS
Exploits: 0 · References: 3
OSV
added 2025/05/29 2:15 p.m. · 1 views

DEBIAN-CVE-2025-37993

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe. The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

5.5 CVSS · 5.7 AI score · 0.00049 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/05/29 1:15 p.m. · 15 views

CVE-2025-37993 can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe

In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe. The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

0.00049 EPSS
Exploits: 0 · References: 3
Amazon
added 2025/05/29 12:0 a.m. · 1 views

Medium: jetty

Issue Overview: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FA...

7.8 CVSS · 7 AI score · 0.13581 EPSS
Exploits: 1