9002 matches found
NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0124)
The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns durin...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to clean up /proc/net/rpc/nfs when initialization fails, which may result in a warning...
The vulnerability of the `core::fmt::write()` function in the arch/x86/Kconfig module of Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the core::fmt::write function in the arch/x86/Kconfig module of Linux kernels is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the TTY driver in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the TTY driver in Linux operating systems is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
(0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...
The vulnerability of the functions xe_mmio_read() and xe_mmio_write() in the kernel module drivers/gpu/drm/xe/xepci.c of Linux operating systems allows a hacker to cause a service failure.
The vulnerability of the xe_mmio_read() and xe_mmio_write() functions in the drivers/gpu/drm/xe/xepci.c kernel module of Linux operating systems is related to improper initialization of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2025-52372
An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components...
hMailServer Security Vulnerability
hMailServer is an open source mail server from hMailServer Open Source. A security vulnerability exists in hMailServer version v5.8.6, which stems from improper handling of the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components, which could lead to the disclosure...
SUSE-SU-2025:20483-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup bsc1237913. - CVE-2024-58053: rxrpc: Fix handling of received connection abort...
WordPress plugin Listly: Listicles For WordPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability in the...
Improper Check for Unusual or Exceptional Conditions
Overview: solady provides optimized Solidity snippets. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the initialization process used by ERC4337Factory. An attacker can cause silent failures during contract deployment if the initialization...
CVE-2025-53638 Solady lacks extcodesize validation on implementation in ERC4337Factory
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return...
Solady Code Issue Vulnerability
Solady is an application by Vectorized Personal Developers. A code issue vulnerability exists in versions of Solady prior to 0.1.24, which stems from an initialization function that may fail silently if it does not return a bool...
PT-2025-29938 · Solady · Solady
Name of the Vulnerable Software and Affected Versions: Solady versions 0.0.125 through 0.1.23 Description: Solady is software that provides Solidity snippets with APIs. When an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failu...
NVIDIA Container Toolkit Code Issue Vulnerability
NVIDIA Container Toolkit is a container toolkit from NVIDIA, Inc. It allows users to build and run GPU-accelerated containers. A code issue vulnerability exists in NVIDIA Container Toolkit that stems from a container initialization hook flaw that could lead to elevation of privilege, data...
kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram(). struct vmci_event_qp allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in...
Important: Red Hat Security Advisory: cloud-init security update
An update for cloud-init is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: cloud-init security update
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Security Fixes: cloud-init: Cloud init permissions flaw (CVE-2024-6174). For more...
Measured is vulnerable to Path Traversal attacks during class initialization
Impact: A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the Measured::Cache::Json class would be able to instruct the library to read arbitrary files. Patches: Users should update to the latest version...
GHSA-29G5-M8V7-V564 Measured is vulnerable to Path Traversal attacks during class initialization
Impact: A path traversal vulnerability exists where an attacker with access to manipulate inputs when initializing the Measured::Cache::Json class would be able to instruct the library to read arbitrary files. Patches: Users should update to the latest version...