Ubuntu 18.04 LTS / 20.04 LTS : KMail vulnerabilities (USN-7731-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7731-1 advisory. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk...
Ubuntu 14.04 LTS / 16.04 LTS : KDE PIM vulnerabilities (USN-7729-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7729-1 advisory. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk...
Ubuntu 18.04 LTS : PIM Messagelib vulnerabilities (USN-7730-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7730-1 advisory. Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that P...
SUSE CVE-2025-38706
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime(). snd_soc_remove_pcm_runtime() might be called with rtd == NULL, which will lead to a null pointer dereference. This was reproduced with topology loading and marking a link as...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to untrusted library loading due to the GNU C library (CVE-2025-4802)
Summary: The GNU C library is used by DataStage on Cloud Pak for Data as part of general processing. Vulnerability Details: CVEID: CVE-2025-4802 DESCRIPTION: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of...
CVE-2025-22441
In getContextForResourcesEnsuringCorrectCachedApkPaths of RemoteViews.java, there is a possible way to load arbitrary java code in a privileged context due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries
The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a...
CVE-2025-38706
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime(). snd_soc_remove_pcm_runtime() might be called with rtd == NULL, which will lead to a null pointer dereference. This was reproduced with topology loading and marking a link as...
AZL-75161 CVE-2025-38706 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime(). snd_soc_remove_pcm_runtime() might be called with rtd == NULL, which will lead to a null pointer dereference. This was reproduced with topology loading and marking a link as...
CVE-2025-38706
In CVE-2025-38706, the Linux kernel ASoC core vulnerability arises when snd_soc_remove_pcm_runtime() is called with rtd == NULL, leading to a NULL pointer dereference. The issue was reproduced during topology loading and marking a link as ignore due to a missing hardware component; on module remo...
CVE-2025-38706 ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime(). snd_soc_remove_pcm_runtime() might be called with rtd == NULL, which will lead to a null pointer dereference. This was reproduced with topology loading and marking a link as...
Arbitrary Code Injection
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Arbitrary Code Injection via modification of the resources folder when the embeddedAsarIntegrityValidation...
CVE-2014-125127
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to eager loading of request bodies in the Request constructor. An attacker can cause excessive memory consumption and potentially exhaust server resources by sending requests with...
CVE-2014-125127
The CVE-2014-125127 entry concerns the mikecao/flight PHP framework. Affected versions prior to v1.2 are vulnerable to Denial of Service due to eager loading of request bodies in the Request constructor, causing the framework to read the entire body on every HTTP request and risking memory exhaus...
CVE-2014-125127 Denial of Service (DoS) vulnerability in mikecao/flight
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
PT-2025-35706
Name of the Vulnerable Software and Affected Versions: mikecao/flight versions prior to v1.2. Description: The mikecao/flight PHP framework is susceptible to Denial of Service (DoS) attacks. This is due to the eager loading of request bodies within the Request class constructor. The framework...
Flight security vulnerability
Flight is a PHP microframework by individual developer Mike Cao. A security vulnerability exists in versions prior to Flight v1.2, which stems from eager loading of the request body in the constructor of the Request class and could lead to a denial-of-service attack...