7491 matches found
DataChain 代码问题漏洞
DataChain is a version control software from Iterative open source. A code issue vulnerability exists in DataChain 0.34.1 and prior versions, which stems from failure to validate data when reading serialized objects from environment variables, which could lead to code execution...
Redis 代码注入漏洞
Redis is an open source, ANSI C, network-enabled, memory-based, persistent logging, key-value Key-Value storage database from Redis, Inc. that provides APIs in multiple languages. A code injection vulnerability exists in Redis 8.2.1 and earlier versions, which originates from allowing an...
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
...
PT-2025-40450
Name of the Vulnerable Software and Affected Versions DataChain versions 0.34.1 and below Description DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. The library reads serialized objects from environment variables, specifically DATACHAIN METASTORE a...
kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...
kernel: drm/gem: Acquire references on GEM handles for framebuffers
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer object, if any. 1...
kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...
UBUNTU-CVE-2022-50434
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 size 512: comm "insmod", pid 308021, jiffies 4324277909 age 509.733s hex dump...
kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cmid destruction The commit 59c68ac31e15 "iwcm: free cmid resources on the last deref" simplified cmid resource management by freeing cmid once all references to the cmid were...
CVE-2025-57348
The node-cube package prior to version 5.0.0 contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of...
vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
...
SUSE CVE-2025-39843
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in settrackprepare settrackprepare can incur lock recursion. The issue is that it is called from hrtimerstartrangens holding the percpuhrtimerbasesn.lock, but when enabled CONFIGDEBUGOBJECTSTIMERS,...
UBUNTU-CVE-2025-39843
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in settrackprepare settrackprepare can incur lock recursion. The issue is that it is called from hrtimerstartrangens holding the percpuhrtimerbasesn.lock, but when enabled CONFIGDEBUGOBJECTSTIMERS,...
CVE-2025-39850
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in arp,neighreduce when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...
CVE-2025-39850
CVE-2025-39850 affects the Linux kernel vxlan implementation. When the VXLAN device runs with the proxy option enabled, ARP/IPv6 Neighbor Solicitation can be spuriously suppressed if the remote host’s MAC is not behind the any remote. The root cause is dereferencing an FDB nexthop entry that may ...
CVE-2025-39843 mm: slub: avoid wake up kswapd in set_track_prepare
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in settrackprepare settrackprepare can incur lock recursion. The issue is that it is called from hrtimerstartrangens holding the percpuhrtimerbasesn.lock, but when enabled CONFIGDEBUGOBJECTSTIMERS,...
CVE-2025-39843 mm: slub: avoid wake up kswapd in set_track_prepare
In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in settrackprepare settrackprepare can incur lock recursion. The issue is that it is called from hrtimerstartrangens holding the percpuhrtimerbasesn.lock, but when enabled CONFIGDEBUGOBJECTSTIMERS,...