CVE-2025-37898 powerpc64/ftrace: fix module loading without patchable function entries

In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix module loading without patchable function entries getstubssize assumes that there must always be at least one patchable function entry, which is not always the case modules that export data but no code,...

SUSE CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

Security update for the Linux Kernel (Live Patch 62 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-122234 fixes several issues. The following security issues were fixed: CVE-2024-53156: wifi: ath9k: add range check for connrspepid in htcconnectservice bsc1234847. CVE-2024-50115: KVM: nSVM: Ignore nCR34:0 when loading PDPTEs from memory bsc1233019. Patch...

The vulnerability of the control panel of microprogrammed software for routers GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 allows a hacker to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the device.

The vulnerability of the control panel of microprogrammed software for routers GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 is related to deficiencies in authentication procedures. Exploiting this...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the powerpc64/ftrace module not handling the unpatched function entry case, which could lead to a module...

K000151398: PyTorch vulnerability CVE-2025-32434

Security Advisory Description PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution RCE vulnerability exists in PyTorch when loading a model...

CVE-2025-4802

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...

AZL-61873 CVE-2025-4802 affecting package glibc 2.35-10

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

UBUNTU-CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

CVE-2025-4802

CVE-2025-4802 affects the GNU C Library (glibc) versions 2.27–2.38. The issue is an untrusted LD_LIBRARY_PATH vulnerability that enables attacker-controlled loading of dynamically-linked libraries by statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlo...

GNU C Library 代码问题漏洞

The GNU C Library is an open source, free C language compiler from the GNU community released under the LGPL license. A code issue vulnerability exists in GNU C Library, which can be exploited by an attacker to cause dynamic shared library loading...

The vulnerability of the Kibana data visualization service, related to the unlimited loading of malicious files, allows attackers to upload harmful files.

The vulnerability of the Kibana data visualization service is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to upload malicious files...

kernel: wifi: rtw88: always wait for both firmware loading attempts

A use-after-free flaw was found in the Linux kernel's mac80211-based wireless driver when firmware loading fails. This issue could allow a local user to crash the system as result of driver failure on an error path during power on...

CVE-2025-20155

A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is firs...

The vulnerability of the access point loading function in Cisco IOS XE wireless local control devices allows a attacker to execute arbitrary commands.

The vulnerability of the Cisco IOS XE wireless local area network controller’s Access Point AP loading function is related to the presence of a strictly encrypted JSON Web Token JWT. Exploiting this vulnerability allows an attacker to execute arbitrary commands by sending specially crafted HTTPS...

Citrix Profile Management: Temporary Profile Loading and Profile details not visible in Director

Temporary Profile Loading and Profile details not visible in Director...

gdk-pixbuf2 security update

An update is available for gdk-pixbuf2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gdk-pixbuf2 packages provide an image loading library that can be...

RLSA-2024:3834 Moderate: gdk-pixbuf2 security update

The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fixes: gdk-pixbuf2: heap memory corruption on gdk-pixbuf CVE-2022-48622 For more details about the security issues,...

CVE-2025-43851

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , a new instance of...