drupwn

This is an offensive tool for Drupal enumeration and exploitation. The tool, named Drupwn, is designed to automate Drupal information gathering and exploitation. It can be run in two modes: enum and exploit. The enum mode allows performing enumerations, while the exploit mode allows checking and...

SUSE CVE-2025-38379

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2reconnectserver, a dummy tcon is passed down to smb2reconnect with -queryinterface uninitialized, so we can't call queuedelayedwork on it. Fix...

SUSE CVE-2025-38374

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...

AZL-65741 CVE-2025-38457 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort tcmodifyqdisc if parent class does not exist Lion's patch 1 revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, during...

DEBIAN-CVE-2025-38374

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...

UBUNTU-CVE-2025-38392

In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2CAPMACFILTER enabled, the following warning is generated on module load: 324.701677 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578...

UBUNTU-CVE-2025-38374

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...

CVE-2025-38392

In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2CAPMACFILTER enabled, the following warning is generated on module load: 324.701677 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578...

CVE-2025-38392

CVE-2025-38392 (Linux kernel) describes a concurrency issue in the idpf driver where a control queue mutex (cq_lock) is held across operations that may sleep, triggering warnings during module load when VIRTCHNL2_CAP_MACFILTER is ON. The fix converts cq_lock from a mutex to a spinlock to avoid sl...

CVE-2025-38379

CVE-2025-38379 affects the Linux kernel SMB/CIFS client during channel reconnect in smb2_reconnect_server(). A dummy tcon passed to smb2_reconnect() had an uninitialized ->query_interface, causing queue_delayed_work() to be invoked on an incorrect tcon and triggering a kernel warning (seen in ...

CVE-2025-38379 smb: client: fix warning when reconnecting channel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2reconnectserver, a dummy tcon is passed down to smb2reconnect with -queryinterface uninitialized, so we can't call queuedelayedwork on it. Fix...

CVE-2025-38379 smb: client: fix warning when reconnecting channel

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel When reconnecting a channel in smb2reconnectserver, a dummy tcon is passed down to smb2reconnect with -queryinterface uninitialized, so we can't call queuedelayedwork on it. Fix...

CVE-2025-38374

In the Linux kernel, the following vulnerability has been resolved: optee: ffa: fix sleep in atomic context The OP-TEE driver registers the function notifcallback for FF-A notifications. However, this function is called in an atomic context leading to errors like this when processing asynchronous...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not checking IDXD work queue availability...

CVE-2025-36005

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the...

CVE-2025-33013

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Container could disclose sensitive information to a local user due to improper clearing of heap memory before release...

The vulnerability of the updateWifiInfo() function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system allows a intruder to execute arbitrary code.

The vulnerability of the updateWifiInfo function in the MQTT service of the TOTOLink T6 mesh-system’s microprogramming system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...

IBM多款产品 信任管理问题漏洞

IBM MQ and others are products of International Business Machines IBM.IBM MQ is a messaging middleware product.IBM MQ Operator is a tool for managing the lifecycle of IBM MQ Queue Manager.IBM MQ Container CD is a containerized deployment solution for IBM MQ. A trust management issue vulnerability...

The vulnerability of the Work Provider Administration component of the application for accessing, organizing, and interacting with various types of work in the Oracle Universal Work Queue system—a business automation solution from Oracle E-Business Suite—allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the Work Provider Administration component of the application for accessing, organizing, and interacting with various types of work in the Oracle Universal Work Queue system, a business automation solution from Oracle E-Business Suite, is related to deficiencies in access...

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2025-24085)

Oracle E-Business Suite is a fully integrated set of global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Universal Work Queue of Oracle...