
7704 matches found

SUSE CVE
added 2025/04/08 1:44 a.m. · 1 views

SUSE CVE-2025-21977

In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs. Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the efifb driver may hang because of...

CVSS 5.5 · AI score 7.7 · EPSS 0.00026
Exploits 0 · References 3
Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-18437

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue in the Linux kernel allows for the disconnection of a TLS socket, which can lead to unexpected corner cases and a denial of service. This is caused by insufficient input...

CVSS 5.5 · AI score 6.8 · EPSS 0.00005
Exploits 0
BDU FSTEC
added 2025/04/07 12:0 a.m. · 1 views

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, arises from improper restrictions on the visible layers of the user interface. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to improper restrictions on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected informati...

CVSS 5 · AI score 5.5
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2025/04/07 12:0 a.m. · 6 views

The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of Content Security Policy (CSP) protection mechanisms. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of Content Security Policy (CSP) protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

CVSS 7.2 · AI score 5.5
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/04/07 12:0 a.m. · 1 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when transmitting packet mapping information with an invalid header load size...

CVSS 7.8 · AI score 6.6 · EPSS 0.0016
Exploits 0 · References 3
BDU FSTEC
added 2025/04/07 12:0 a.m. · 1 views

The vulnerability of the do_fp_load() function in the arch/powerpc/lib/sstep.c module, which is part of the PowerPC platform support for the Linux operating system, allows a hacker to trigger a service failure.

The vulnerability of the do_fp_load() function in the arch/powerpc/lib/sstep.c module of the PowerPC platform supporting Linux operating systems is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could allow an attacker to cause a servic...

CVSS 5.5 · AI score 6.5 · EPSS 0.00015
Exploits 0 · References 40 · Affected Software 5
OSV
added 2025/04/03 4:15 p.m. · 2 views

CVE-2025-3165

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally...

CVSS 4.8 · AI score 5.5
Exploits 0 · References 4
Snyk
added 2025/04/03 3:31 p.m. · 4 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation via the load_weight_ckpt function. An attacker can manipulate the deserialization process by providing malicious input to the PT File Handler component. Remediation: There is no fixed version for lmdeploy...

CVSS 7.8 · AI score 7.1 · EPSS 0.00241
Exploits 1 · References 2
Cvelist
added 2025/04/03 3:0 p.m. · 9 views

CVE-2025-3162 InternLM LMDeploy PT File utils.py load_weight_ckpt deserialization

A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been classified as critical. Affected is the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py of the component PT File Handler. The manipulation leads to deserialization. Attacking locally is a requirement...

CVSS 5.3 · EPSS 0.00241
Exploits 1 · References 5
CNNVD
added 2025/04/03 12:0 a.m. · 4 views

Scala Stream Collector security vulnerability

Scala Stream Collector is a Snowplow open source collector for cloud-native web, mobile and event analytics. A security vulnerability exists in Scala Stream Collector versions prior to 3.3.0, which stems from the fact that sending an oversized load may cause the service to become unavailable...

CVSS 7.5 · AI score 6.5 · EPSS 0.00586
Exploits 0 · References 1
Positive Technologies
added 2025/04/03 12:0 a.m. · 3 views

PT-2025-14773 · Unknown · Thu-Pacman Chitu

Name of the Vulnerable Software and Affected Versions: thu-pacman chitu version 0.1.0. Description: A critical vulnerability has been found in thu-pacman chitu. This issue affects the torch.load function in the file chitu/chitu/backend.py. The manipulation of the ckpt_path/quant_ckpt_dir argument...

CVSS 5.3 · AI score 5.6 · EPSS 0.0029
Exploits 0 · References 8
CNNVD
added 2025/04/03 12:0 a.m. · 4 views

Iglu Server security vulnerability

Iglu Server is a RESTful schema registry open-sourced by Snowplow. A security vulnerability exists in Iglu Server version 0.13.0 and earlier, which stems from a malicious load that could cause the service to be unavailable...

CVSS 7.5 · AI score 6.3 · EPSS 0.00609
Exploits 0 · References 1
Positive Technologies
added 2025/04/03 12:0 a.m. · 3 views

PT-2025-14770 · Unknown · Internlm Lmdeploy

Name of the Vulnerable Software and Affected Versions: InternLM LMDeploy versions up to 0.7.1. Description: A critical issue was found in InternLM LMDeploy, affecting the function load_weight_ckpt of the file lmdeploy/lmdeploy/vl/model/utils.py in the component PT File Handler. The manipulation...

CVSS 7.8 · AI score 5.2 · EPSS 0.00241
Exploits 1 · References 14
CNNVD
added 2025/04/03 12:0 a.m. · 2 views

Iglu Server security vulnerability

Iglu Server is a RESTful schema registry open-sourced by Snowplow. A security vulnerability exists in Iglu Server version 0.13.0 and earlier, which stems from the fact that sending an oversized load may cause the service to become unavailable...

CVSS 7.5 · AI score 6.4 · EPSS 0.00609
Exploits 0 · References 1
RedHat Linux
added 2025/04/02 11:34 a.m. · 4 views

kernel: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state. There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: Host SVE being discarded unexpectedly due to inconsistent...

CVSS 5.5 · AI score 6.8 · EPSS 0.00022
Exploits 0 · References 5
OSV
added 2025/04/02 7:15 a.m. · 0 views

DEBIAN-CVE-2024-45700

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading t...

CVSS 6.5 · AI score 6.4 · EPSS 0.0015
Exploits 0 · References 1
AlpineLinux
added 2025/04/02 7:15 a.m. · 2 views

CVE-2024-45700

Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading t...

CVSS 6.5 · AI score 7.2 · EPSS 0.0015
Exploits 0 · References 2
OSV
added 2025/04/01 4:15 p.m. · 0 views

UBUNTU-CVE-2025-21977

In the Linux kernel, the following vulnerability has been resolved: fbdev: hyperv_fb: Fix hang in kdump kernel when on Hyper-V Gen 2 VMs. Gen 2 Hyper-V VMs boot via EFI and have a standard EFI framebuffer device. When the kdump kernel runs in such a VM, loading the efifb driver may hang because of...

CVSS 5.5 · AI score 6.5 · EPSS 0.00026
Exploits 0 · References 24
OSV
added 2025/04/01 3:16 p.m. · 5 views

DEBIAN-CVE-2025-30224

MyDumper is a MySQL Logical Backup Tool. The MySQL C client library libmysqlclient allows authenticated remote actors to read arbitrary files from client systems via a crafted server response to LOAD LOCAL INFILE query, leading to sensitive information disclosure when clients connect to untrusted...

CVSS 5.1 · AI score 5.7 · EPSS 0.00334
Exploits 0 · References 1
Github Security Blog
added 2025/03/31 9:47 p.m. · 14 views

Netty QUIC hash collision DoS attack

An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). See...

CVSS 5.3 · AI score 6.9 · EPSS 0.00393
Exploits 0 · References 5 · Affected Software 1