355 matches found
CVE-2022-49837 bpf: Fix memory leaks in __check_func_call
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call. kmemleak reports this issue: unreferenced object 0xffff88817139d000 size 2048: comm "testprogs", pid 33246, jiffies 4307381979 age 45851.820s hex dump first 32 bytes: 01 00 00 00 00 00 00 00...
FCGHunter: Towards Evaluating Robustness of Graph-Based Android Malware Detection
Graph-based detection methods leveraging Function Call Graphs (FCGs) have shown promise for Android malware detection (AMD) due to their semantic insights. However, the deployment of malware detectors in dynamic and hostile environments raises significant concerns about their robustness. While recent...
SAP NetWeaver AS ABAP Access Control (3554667)
The remote SAP NetWeaver ABAP server may be affected by an access control vulnerability. In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials fo...
CVE-2025-23186
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2025-23186 Mixed Dynamic RFC Destination vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2025-23186
CVE-2025-23186 affects SAP NetWeaver Application Server ABAP. An authenticated attacker can craft an RFC request to restricted destinations, exposing credentials for a remote service and potentially fully compromising that remote service. Root cause cited in sources is improper access control aro...
SAP Landscape Transformation Code Injection Vulnerability
SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. A code injection vulnerability exists in SAP Landscape Transformation, which stems from a vulnerability in a function module exposed via an RFC that could lead to ABAP code injection...
PT-2025-15363 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified). Description: The issue allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, exposing credentials for a remote service...
PT-2025-14310
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue can occur in the hid_ishtp_cl_remove function during the rmmod operation for the intel_ishtp_hid driver. This issue arises because the hid_ishtp_cl_deinit function...
BIT-MYSQL-CLIENT-2023-52968
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash...
CVE-2025-21767
In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable to avoid calling get_random_u32 in atomic context. The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48...
CVE-2022-49409
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search. Hulk Robot reported a BUG_ON: kernel BUG at fs/ext4/extents_status.c:199! ... RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 inline...
CVE-2022-49237
CVE-2022-49237 is resolved in the Linux kernel’s ath11k driver. The vulnerability stems from a missing of_node_put() after obtaining a device tree node via of_find_node_by_type() or of_parse_phandle(), where the node’s refcount is incremented but not decremented, causing a refcount leak. The impa...
CVE-2024-54198
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely...
CVE-2024-57894
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-0068 Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application...
CVE-2025-0068
CVE-2025-0068 is an information-disclosure vulnerability in SAP NetWeaver Application Server ABAP. The root cause is a missing authorization check in remote function calls (RFC), enabling an authenticated attacker to access restricted information. The impact is limited to confidentiality (no inte...
CVE-2025-0067
CVE-2025-0067 relates to SAP NetWeaver Application Server Java where a missing authorization check on service endpoints lets a user with a standard role create JCo connections used for remote function calls. The impact is described as low for confidentiality, integrity, and availability. Affected...
PT-2025-3578 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue arises from the potential invocation of rk_hdptx_phy_runtime_resume before platform_set_drvdata is executed in the ->probe function, leading to a NULL pointer dereference when...