CVE-2023-54012
In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...
CVE-2023-54029 wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO For MLO, we cannot use vif->bss_conf.chandef.chan->band, since that will lead to a NULL-ptr dereference as bss_conf isn't used. However, in case of real MLO, we also need to take both LMA...
CVE-2023-54012 net: fix stack overflow when LRO is disabled for virtual interfaces
In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...
CVE-2023-54012
The CVE-2023-54012 vulnerability in the Linux kernel describes a stack overflow risk when LRO is disabled for virtual interfaces. The root cause is a recursive-like propagation of NETDEV_FEAT_CHANGE notifications between a parent team/bond interface and its lower interfaces, instead of a strictly...
PT-2025-52969
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to Large Receive Offload (LRO) handling for virtual interfaces. When LRO is disabled for team or bonding interfaces, a recursive notification...
PT-2025-53358
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
EUVD-2025-204849
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs...
From Agent2Agent Prompt Injection to Runtime Self-Defense: How Wallarm Redefines Agentic AI Security
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator series of movies? Well, maybe not! Researchers recently discovered that one AI agent can “inject malicious instructions into a conversation, hiding them among otherwise benign client requests an...
Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance
Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based...
[SECURITY] Fedora 42 Update: NetworkManager-1.52.2-1.fc42
NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband (WWAN), PPPoE and other devices, and supports a variety of different VPN services...
CVE-2025-14860
Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1...
CVE-2025-47319
CVE-2025-47319 describes information disclosure in Qualcomm embedded platform firmware caused by exposing internal TA-to-TA (Trusted Application to Trusted Application) communication APIs to HLOS (Host Linux Operating System). The CVE indicates a LOCAL attack vector with HIGH privileges required ...
CVE-2025-47319 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
EUVD-2025-204032
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
[SECURITY] Fedora 43 Update: NetworkManager-1.54.3-2.fc43
NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband (WWAN), PPPoE and other devices, and supports a variety of different VPN services...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 146.0.1, which stems from a use-after-free in the Disability Access APIs component...
CVE-2025-34442
AVideo versions prior to 20.1 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...
EUVD-2025-203948
AVideo versions prior to 20.0 disclose absolute filesystem paths via multiple public API endpoints. Returned metadata includes full server paths to media files, revealing underlying filesystem structure and facilitating more effective attack chains...