CVE-2025-37993

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev: initialize spin lock on device probe The spin lock txhandlingspinlock in struct mcanclassdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

DEBIAN-CVE-2025-37993

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev: initialize spin lock on device probe The spin lock txhandlingspinlock in struct mcanclassdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

CVE-2025-37993 can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe

In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanclassallocatedev: initialize spin lock on device probe The spin lock txhandlingspinlock in struct mcanclassdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. wh...

Medium: jetty

Issue Overview: In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. CVE-2021-28165 Affected Packages: jetty Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FA...

PT-2025-23152 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-rc3 Description: A vulnerability in the Linux kernel has been resolved, related to the initialization of a spin lock in the m can classdev struct. The issue occurs when trying to send CAN frames, resultin...

A Systematic Classification of Vulnerabilities in MoveEVM Smart Contracts (MWC)

We introduce the MoveEVM Weakness Classification MWC system -- a dedicated vulnerability taxonomy for smart contracts built with Move and executed in EVM-compatible environments. While Move was originally designed to prevent common security flaws via linear resource types and strict ownership, it...

CVE-2024-20354

A vulnerability in the handling of encrypted wireless frames of Cisco Aironet Access Point AP Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the affected device. This vulnerability is due to incomplete cleanup of resources when dropping...

CVE-2024-20434

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on the control plane of an affected device. This vulnerability is due to improper handling of frames with VLAN tag information. An attacker could exploit this...

CVE-2024-6613

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox 128 and Thunderbird 128...

CVE-2023-33105

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number...

CVE-2023-35921

A vulnerability has been identified in SIMATIC MV540 H All versions V3.3.4, SIMATIC MV540 S All versions V3.3.4, SIMATIC MV550 H All versions V3.3.4, SIMATIC MV550 S All versions V3.3.4, SIMATIC MV560 U All versions V3.3.4, SIMATIC MV560 X All versions V3.3.4. Affected devices cannot properly...

CVE-2023-24820

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault...

CVE-2023-24823

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header...

CVE-2023-24818

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an...

CVE-2023-21659

Transient DOS in WLAN Firmware while processing frames with missing header fields...

CVE-2023-0780

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev...

CVE-2023-1362

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2...

CVE-2023-33974

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

CVE-2022-24668

A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handlin...

📄 ABB Cylon BACnet MS/TP Kernel Module mstp.ko Out-Of-Bounds Write

A buffer overflow vulnerability exists in the mstp.ko kernel module, responsible for processing BACnet MS/TP frames over serial RS485. The SendFrame function writes directly into a statically sized kernel buffer allocentry0x1f5 without validating the length of attacker-controlled data param5. If ...