1907 matches found
CVE-2022-49522
In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size. Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and limit the maximum segment size based on the DMA engine's capabilities. This is needed to avoid...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the qca8k switch not resetting the cpu port when the MTU is changed...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not limiting the maximum segment size based on the capabilities of the DMA engine, which could result in a DMA...
Amazon Linux 2 : python-jwcrypto (ALAS-2025-2763)
The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2763 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cau...
PT-2025-8660 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A signed integer overflow issue has been identified in the Linux kernel, specifically in the ipv6 component, related to the l2tp_ip6_sendmsg function. This occurs when the length len i...
Medium: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...
PT-2025-47992
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 7.0.26; MongoDB Server versions prior to 8.0.13; MongoDB Server versions prior to 8.1.2. Description: MongoDB Server may encounter an invariant failure during batched delete operations when processing documents. Th...
SUSE CVE-2023-28709
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Added a check for the srq max_sge attribute. The max_sge attribute is passed by the user and is inserted and used unchecked. Therefore, ensure that the value does not exceed the maximum allowed value before using it...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: A buffer overflow issue was addressed in kirin_pcie_parse_port. Within kirin_pcie_parse_port, the value of pcie->num_slots is compared to the size of pcie->gpio_id_reset, which is equal to MAX_PCI_SLOTS. This comparison is correct;...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Tracing: Consider the NULL character when validating the event length. strlen returns the length of a string excluding the null byte. If the string length equals the maximum buffer length, there will be no space left in the buffe...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm: Avoid overflows in the dirty throttling logic. The dirty throttling logic relies on assumptions that dirty limits in PAGE_SIZE units fit within 32-bit boundaries so that various calculations can be performed within 64 bits. If...
Ubuntu: Security Advisory (USN-7206-4)
The remote host is missing an update for the...
CVE-2022-40725
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1106)
The remote host is missing an update for the Huawei EulerOS...
PT-2025-20625
Name of the Vulnerable Software and Affected Versions: run-llama/llama_index version latestv0.12.15. Description: A Denial of Service (DoS) issue has been identified in the KnowledgeBaseWebReader class due to inadequate secure coding practices. Specifically, the lack of proper implementation of the ma...
SUSE CVE-2024-57938
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init. While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init that can consequently...
Moderate: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 1.0 release. See references for release notes.
JBoss EAP XP 5.0 Update 1.0 release. See references for release notes. JBoss EAP XP 5.0 Update 1.0 GA release. See references for release notes. Security Fixes: io.vertx/vertx-grpc: Vertx gRPC server does not limit the maximum message size (CVE-2024-8391). For more details about the security issues,...
CVE-2024-57936
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request. Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
AZL-55901 CVE-2024-57938 affecting package kernel for versions less than 6.6.76.1-1
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init. While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init that can consequently...