CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

CVE-2025-40226 firmware: arm_scmi: Account for failed debug initialization

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

EUVD-2025-201233

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unhandled debugging initialization failure that could lead to a null pointer dereference...

Fedora 43 : unbound (2025-90281e4554)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-90281e4554 advisory. Update to 1.24.2 rhbz2417261 - Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/unbound-1-24-2 ---- Do not always initialize...

CLSA-2025-1764696522 libssh: Fix of 2 CVEs

CVE-2025-5372: fix inconsistent return value interpretation in sshkdf function to prevent uninitialized key buffers leading to SSH session compromise - CVE-2025-5987: fix missing error detection in ChaCha20 initialization that could leave cipher context partially uninitialized...

Insecure Default Initialization of Resource

Overview @modelcontextprotocol/sdk is a Model Context Protocol implementation for TypeScript Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the StreamableHTTPServerTransport or SSEServerTransport process when enableDnsRebindingProtection is not...

CLSA-2025-1764677738 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...

CVE-2025-65502

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...

SUSE-SU-2025:4301-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister...

ROS-20251128-07

Vulnerability of the vhostnewmsg function in the drivers/vhost/vhost.c module of the vhost driver of the Linux kernel is related to incorrect initialization of memory for messages transferred between guests. Linux kernel is related to incorrect memory initialization for messages transferred betwe...

SUSE-SU-2025:4272-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132...

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2025-9820: Fixed buffer overflow in gnutlspkcs11tokeninit. bsc1254132 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...

Exploit for Code Injection in Pgadmin Pgadmin_4

CVE-2025-2945 – pgAdmin4 Authenticated RCE PoC This reposit...

SUSE-SU-2025:21052-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by...

SUSE-SU-2025:21064-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38008: mm/pagealloc: fix race condition in unaccepted memory handling bsc1244939. - CVE-2025-38539: trace/fgraph: Fix the warning caused by...

kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

CVE-2025-65503

Use after free in endpoint destructors in Redboltz asyncmqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between iocontext and endpoint objects...

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

EUVD-2025-198709

Null pointer dereference in addcacerts in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSLCTXgetcertstore returns NULL...