10077 matches found
CVE-2025-38078
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer. The PCM OSS layer tries to clear the buffer with the silence data at initialization or reconfiguration of a stream with the explicit call of snd_pcm_format_set_silence with...
CVE-2025-38078 ALSA: pcm: Fix race of buffer access at PCM OSS layer
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer. The PCM OSS layer tries to clear the buffer with the silence data at initialization or reconfiguration of a stream with the explicit call of snd_pcm_format_set_silence with...
CVE-2025-38063 dm: fix unconditional IO throttle caused by REQ_PREFLUSH
In the Linux kernel, the following vulnerability has been resolved: dm: fix unconditional IO throttle caused by REQ_PREFLUSH. When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a race condition on buffer access in the PCM OSS layer that could lead to a use-after-free...
The vulnerability of the software implementation of the TLS protocol allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the Mbed TLS software protocol implementation is related to the use of an uninitialized resource. Exploiting this vulnerability allows a remote attacker to perform “man-in-the-middle” attacks...
Cisco Meraki Z and Cisco Meraki MX security vulnerability
The Cisco Meraki Z and Cisco Meraki MX are both products of Cisco, Inc. The Cisco Meraki Z is an enterprise-class firewall, VPN gateway, and router. The Cisco Meraki MX is a multifunction security and SD-WAN enterprise appliance. A security vulnerability exists in Cisco Meraki Z and Cisco Meraki MX...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Clients that use RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Block: Fix for UAF when flushing RQ while iterating tags. The function blk_mq_clear_flush_rq_mapping is not called during SCSI probe. This issue is addressed by checking blk_queue_init_done. However, the flag QUEUE_FLAG_INIT_DONE is cleared...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Block: Fix to add folio to bio. A size of 4GB for folio is possible on some ARCHs, such as aarch64. A size of 16GB for hugepage is also supported. However, the “offset” of folio cannot be stored in “unsigned int”, which causes a...
OpenSSL security vulnerability
OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
TencentOS Server 3: cryptsetup (TSSA-2022:0008)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0008 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2024-38823
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport...
UBUNTU-CVE-2024-38823
Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport...
TED-LaST: Towards Robust Backdoor Defense against Adaptive Attacks
Deep Neural Networks (DNNs) are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics (TED) has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be...
The Security Overview and Analysis of 3GPP 5G MAC CE
To more effectively control and allocate network resources, MAC CE has been introduced into the network protocol, which is a type of control signaling located in the MAC layer. Since MAC CE lacks encryption and integrity protection mechanisms provided by PDCP, the control signaling carried by MAC...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through handling of RTP packets in the NewPacket function of packetfactory.go. An attacker can trigger a panic in the system by sending malformed RTP packets containing a padding size...
Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
Impact: Pion Interceptor versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic in a Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Patches: Upgrade to v0.1.39 or later, which includes PR 338 which...
The vulnerability of the software-based TLS protocol implementation of Acronis Cyber Protect 16 allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the software-based TLS protection implementation in Acronis Cyber Protect 16 lies in the insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
Gh0stEdit: Exploiting Layer-Based Access Vulnerability within Docker Container Images
Whitepaper called Gh0stEdit: Exploiting Layer-Based Access Vulnerability Within Docker Container Images...
ZIV IDF and ZIV ZLF resource management error vulnerability
The ZIV IDF and ZIV ZLF are both transformer differential protection relays from ZIV Spain. A resource management error vulnerability exists in ZIV IDF version v0.10.0-0C03-03 and ZLF version v0.10.0-0C03-04, which stems from mishandling of a TLS request and could result in a denial of service...