624 matches found

Vulnrichment
added 2025/03/08 12:0 a.m. | 12 views

CVE-2023-52969

MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2...

CVSS 4.9 | AI score 7.1 | EPSS 0.00445
Exploits 0 | References 1

OSV
added 2025/03/05 11:11 p.m. | 2 views

CLSA-2025-1741216285 Fix CVE(s): CVE-2024-47175

SECURITY UPDATE: PPD injection issues - debian/patches/CVE-2024-47175.patch: sanitize make and model, PPDize preset and template names in cups/ppd-cache.c - CVE-2024-47175...

CVSS 9.8 | AI score 7.1 | EPSS 0.36228
Exploits 14 | References 1

SUSE Linux
added 2025/02/03 8:47 a.m. | 1 views

Security update for qemu

This update for qemu fixes the following issues: Update to version 8.2.5: target/loongarch: fix a wrong print in cpu dump ui/sdl2: Allow host to power down screen target/i386: fix SSE and SSE2 feature check target/i386: fix xsave.flat from kvm-unit-tests disas/riscv: Decode all of the pmpcfg and...

CVSS 8.2 | AI score 7.8 | EPSS 0.00128
Exploits 2 | References 24

Positive Technologies
added 2025/01/27 12:0 a.m. | 3 views

PT-2025-12358

Name of the Vulnerable Software and Affected Versions D-Link DSL-3788 revA1 version 1.01R1B036 EU EN Description The issue is related to a buffer overflow that can occur through the COMM MAKECustomMsg function of the webproc cgi. This function is part of the web procedure and can be exploited,...

CVSS 7.8 | AI score 5.7 | EPSS 0.00486
Exploits 0 | References 10

GithubExploit
added 2025/01/07 12:25 a.m. | 176 views

Exploit for Improper Initialization in Linux Linux_Kernel

It is an offensive tool for Linux. The repository appears to be...

CVSS 7.8 | AI score 8.3 | EPSS 0.81981
Exploits 100

F5 Networks
added 2025/01/04 1:4 a.m. | 18 views

K000149183: PostgreSQL vulnerabilities CVE-2014-0064, CVE-2014-0065, CVE-2014-0066, and CVE-2014-0067

Security Advisory Description CVE-2014-0064 Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and...

CVSS 6.5 | AI score 7.6 | EPSS 0.06674
Exploits 5

Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-30873

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the ATM CLIP module, specifically within the clip_push function. A recursive call can occur under certain conditions, potentially leading to ...

CVSS 7.8 | AI score 7.1 | EPSS 0.00045
Exploits 0

OSV
added 2024/10/21 6:15 p.m. | 0 views

UBUNTU-CVE-2024-49996

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function...

CVSS 7.8 | AI score 6.4 | EPSS 0.0002
Exploits 0 | References 44

Tenable Nessus
added 2024/09/24 12:0 a.m. | 23 views

Oracle Linux 8 : emacs (ELSA-2024-6987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6987 advisory. - org-file-contents: Consider all remote files unsafe CVE-2024-30205 - org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code CVE-2024-393...

CVSS 9.8 | AI score 7.3 | EPSS 0.00441
Exploits 0 | References 4

Snyk
added 2024/09/17 2:42 p.m. | 1 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the makeFromUrl and makeFromAny methods. An attacker can read local files or perform server-side request forgery by supplying malicious URLs. PoC php / @var \Czim\FileHandling\Storage\File\StorableFileFacto...

CVSS 8.2 | AI score 6.7 | EPSS 0.00319
Exploits 0 | References 2

Tenable Nessus
added 2024/09/11 12:0 a.m. | 19 views

Cisco Expressway Edge Improper Authorization (cisco-sa-expressway-auth-kdFrcZ2j)

According to its self-reported version, Cisco Expressway Edge Improper Authorization is affected by a vulnerability. - A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due...

CVSS 4.3 | AI score 5.8 | EPSS 0.002
Exploits 0 | References 3

RedHat Linux
added 2024/08/15 5:34 a.m. | 1 views

kernel: ipv6: Fix potential uninit-value access in __ip6_make_skb()

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing HDRINCL on the socket...

CVSS 5.5 | AI score 6.8 | EPSS 0.00014
Exploits 0 | References 5

RedHat Linux
added 2024/08/08 4:44 a.m. | 1 views

kernel: ipv4: Fix uninit-value access in __ip_make_skb()

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with...

CVSS 4.7 | AI score 6.8 | EPSS 0.00011
Exploits 0 | References 5

OSSF Malicious Packages
added 2024/08/07 11:58 p.m. | 4 views

Malicious code in make-a-payment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7572638a7f46c5aba994f56b064648453f7379d51eef18a8af23c44fa422403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 | References 1

OSV
added 2024/08/07 11:58 p.m. | 4 views

MAL-2024-7972 Malicious code in make-a-payment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d7572638a7f46c5aba994f56b064648453f7379d51eef18a8af23c44fa422403 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0 | References 1

CNNVD
added 2024/08/01 12:0 a.m. | 2 views

Cortex security vulnerability

Cortex is a Cortex open source application. It provides horizontally scalable, high-availability, multi-tenant long-term storage. A security vulnerability exists in Cortex version 0.42.1 that stems from the presence of a TLS certificate validation issue that allows an attacker to obtain sensitive...

CVSS 7.5 | AI score 6.2 | EPSS 0.00103
Exploits 0 | References 2

Tenable Nessus
added 2024/07/22 12:0 a.m. | 19 views

EulerOS 2.0 SP8 : sqlite (EulerOS-SA-2024-2052)

According to the versions of the sqlite packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file...

CVSS 7.3 | AI score 6 | EPSS 0.00133
Exploits 1 | References 2

OSV
added 2024/06/19 3:15 p.m. | 1 views

DEBIAN-CVE-2021-47579

In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) The reason is that the cgroup2 filesystem returns from mkdir without instantiating t...

CVSS 5.5 | AI score 5.4 | EPSS 0.00016
Exploits 0 | References 1

CNNVD
added 2024/06/19 12:0 a.m. | 1 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the cgroup2 filesystem not instantiating a new dentry when returning from mkdir...

CVSS 5.5 | AI score 6.5 | EPSS 0.00016
Exploits 0 | References 6

Tenable Nessus
added 2024/06/03 12:0 a.m. | 18 views

RHEL 6 : postgresql (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - postgresql: Start scripts permit database administrator to modify root-owned files CVE-2017-15097 -...

CVSS 8.8 | AI score 7.7 | EPSS 0.81248
Exploits 2 | References 8