9137 matches found
CVE-2024-57802
In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it. Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. BUG: KMSAN:...
CVE-2024-57802 netrom: check buffer length before accessing it
In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it. Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. BUG: KMSAN:...
CVE-2024-57900 ila: serialize calls to nf_register_net_hooks()
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks(). syzbot found a race in ila_add_mapping() [1]. commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent...
CVE-2025-0442
CVE-2025-0442 involves Google Chrome’s Payments UI: an Inappropriate implementation vulnerability in Chrome prior to 132.0.6834.83 could allow UI spoofing via a crafted HTML page when a user performs specific UI gestures. Connected sources confirm the issue in Chromium/Chrome with this exact CVE ...
[SECURITY] Fedora 40 Update: perl-Net-OAuth-0.30-1.fc40
Perl implementation of OAuth, an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. In practical terms, a mechanism for a Consumer to request protected resources from a Service Provider on behalf of a user...
[SECURITY] Fedora 41 Update: perl-Net-OAuth-0.30-1.fc41
Perl implementation of OAuth, an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications. In practical terms, a mechanism for a Consumer to request protected resources from a Service Provider on behalf of a user...
Moderate: Red Hat Security Advisory: libreswan security update
An update for libreswan is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 16 security fixes: 374627491 High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21; 379652406 High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18; 382786791 High...
Google Chrome < 132.0.6834.83 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 132.0.6834.83. It is, therefore, affected by multiple vulnerabilities as referenced in the 202501stable-channel-update-for-desktop14 advisory. - Inappropriate implementation in Compositing in Google Chrome prior to...
CVE-2025-0405
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to SQL injection. The attack may be...
CISA: February 2015/1st Edition - Presidential Policy Directive 21 Implementation: an Interagency Security Committee White Paper
CVE-2024-42173 HCL MyXalytics is affected by an improper password policy implementation vulnerability
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known...
ROS-20250110-07
A vulnerability in the DNS server responsible for coredns name resolution is related to an incorrect implementation of the of caching. Exploitation of the vulnerability could allow a remote attacker to execute a spoofing attack. spoofing attack...
CVE-2025-22149
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
qt6-webengine -- Multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2024-12693: Out of bounds memory access in V8; CVE-2024-12694: Use after free in Compositing; CVE-2025-0436: Integer overflow in Skia; CVE-2025-0437: Out of bounds read in Metrics; CVE-2025-0438: Stack buffer overflo...
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7186-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7186-2 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate...