[SECURITY] Fedora 40 Update: python-h11-0.14.0-7.fc40

This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...

[SECURITY] Fedora 42 Update: python-h11-0.14.0-7.fc42

This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...

CVE-2025-47418

CVE-2025-47418 concerns Crestron Automate VX with versions 5.6.8161.21536–6.4.0.49. The issue is Exposure of Sensitive Information to an Unauthorized Actor, arising from a remote web API that enables recording functionality without visible indication. Remote recording can be enabled via a network...

PT-2025-19989 · Crestron · Crestron Automate Vx

Name of the Vulnerable Software and Affected Versions: Crestron Automate VX versions 5.6.8161.21536 through 6.4.0.49 Description: The issue allows for the exposure of sensitive information to an unauthorized actor, enabling functionality misuse. There is no visible indication when the system is...

SUSE CVE-2025-22006

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NAPI registration sequence Registering the interrupts for TX or RX DMA Channels prior to registering their respective NAPI callbacks can result in a NULL pointer dereference. This is seen in...

SUSE CVE-2022-49672

In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct tunfile which can get destroyed before the netdev so we have to del them explicitly. The current...

DEBIAN-CVE-2022-49672

In the Linux kernel, the following vulnerability has been resolved: net: tun: unlink NAPI from device on destruction Syzbot found a race between tun file and device destruction. NAPIs live in struct tunfile which can get destroyed before the netdev so we have to del them explicitly. The current...

UBUNTU-CVE-2024-57932

In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference due to improper handling of NAPI strings after a live migration...

UBUNTU-CVE-2024-40937

In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi-skb before devkfreeskbany gverxfreeskb incorrectly leaves napi-skb referencing an skb after it is freed with devkfreeskbany. This can result in a subsequent call to napigetfrags returning a dangling pointer. Fix...

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure of the gverxfreeskb function of the gve component to properly clear napiskb, which could lead to t...

CVE-2024-2088 NextScripts: Social Networks Auto-Poster <= 4.4.3 - Authenticated(Subscriber+) Sensitive Information Exposure

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.3 via the 'nxsgetExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract...

CVE-2024-0088

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering...

CVE-2024-0088

CVE-2024-0088 affects the NVIDIA Triton Inference Server for Linux. The vulnerability resides in shared memory APIs, where a user can trigger an improper memory access via a network API, with potential consequences described as denial of service and data tampering. The NVIDIA security bulletin in...

SUSE CVE-2021-47215

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by protecti...

Kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags

...

SUSE CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84809)

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in the Network API in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

Google Chrome 资源管理错误漏洞

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in the Network API in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...