85 matches found
Wireshark 4.2.x < 4.2.11 / 4.4.x < 4.4.4 DoS Vulnerability
The version of Wireshark installed on the remote Windows host is prior to 4.2.11 or 4.4.4. It is, therefore, affected by a vulnerability as referenced in the wireshark-4.2.11 advisory. - The Bundle Protocol and CBOR dissectors could crash. Fixed in master: 83c73a83ad Fixed in release-4.4:...
USN-7257-1: Kerberos vulnerability
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypas...
Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2025-049)
The version of containerd installed on the remote host is prior to 1.7.25-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2025-049 advisory. Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an...
UBUNTU-CVE-2025-21678
In the Linux kernel, the following vulnerability has been resolved: gtp: Destroy device along with udp socket's netns dismantle. gtp_newlink() links the device to a list in dev_net(dev) instead of src_net, where a udp tunnel socket is created. Even when src_net is removed, the device stays alive on...
CVE-2025-24883
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13...
Advisory ROSA-SA-2025-2567
software: curl 8.7.1 OS: ROSA-CHROME package_evr_string: curl-8.7.1-1 CVE-ID: CVE-2024-0853 BDU-ID: 2024-01014 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the TLS protocol implementation of the cURL command line utility is related to erroneous storage of the session ID as a result of a lack of...
SUSE-SU-2025:0144-1 Security update for git
This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601)...
CVE-2025-21600
CVE-2025-21600 describes an Out-of-Bounds Read in Juniper’s routing protocol daemon (rpd) used by Junos OS and Junos OS Evolved. An unauthenticated, directly connected BGP peer sending a malformed BGP packet can crash and restart rpd, causing a DoS. Affected: iBGP/eBGP with any address family, fo...
CVE-2021-37577
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key...
PT-2024-37490
Name of the Vulnerable Software and Affected Versions: Bluetooth (affected versions not specified). Description: The Bluetooth HCI has an issue with improper discarding in adv ext report. This issue affects the Bluetooth protocol. There is no information available about the estimated number of...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue in l2cap_le_flowctl_init in Bluetooth L2CAP...
AZL-37114 CVE-2024-2004 affecting package mysql for versions less than 8.0.40-1
When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been...
MGASA-2024-0085 Updated libreswan packages fix security vulnerabilities
The updated package fixes security vulnerabilities: pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. (CVE-2023-30570) An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY...
LSN-0100-1 Kernel Live Patch Security Notice
It was discovered that the SMB network file sharing protocol implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary...
CVE-2023-46838 Linux: netback processing of zero-length transmit fragment
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translate...
PT-2023-31857 · Bluez +5
Name of the Vulnerable Software and Affected Versions: BlueZ (affected versions not specified). Description: This issue allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this issue, as the...
AZL-34964 CVE-2023-44487 affecting package local-path-provisioner for versions less than 0.0.21-12
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
Unable to Launch Desktop VDA with Rendezvous Protocol enabled.
Unable to launch the Desktop with Rendezvous Protocol enabled. Getting error as "Published Resource is not available currently. Contact your system admin for further assistance."...
The client and server don't support a common SSL protocol version or cipher suite
After updating the Server certificate binding to NetScaler SSL Virtual Server, customer is unable to access the SSL Virtual Server via Internet with below browser notification. While intranet access to it works fine. “Unsupported protocol. The client and server don't support a common SSL protocol...
Mitigation of M-07: Issue not mitigated
MITIGATION IS NOT CONFIRMED. Mitigation of M-07: Issue not mitigated. Link to Issue: code-423n4/2023-03-asymmetry-findings765. Comments: While the principal issue for M-07 described a de-peg scenario, which eventually was interpreted as a "black swan" event, I do think the...