1412 matches found
CLSA-2025-1757963029 kernel-uek: Fix of 194 CVEs
rds: tcp: block BH in TCP callbacks - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 - module: potential uninitialized return in module_kallsyms_on_each_symbol() - module: use RCU to synchronize find_module -...
Bridging the Gap in Phishing Detection: a Comprehensive Phishing Dataset Collector
To combat phishing attacks -- aimed at luring web users to divulge their sensitive information -- various phishing detection approaches have been proposed. As attackers focus on devising new tactics to bypass existing detection solutions, researchers have adapted by integrating machine learning a...
Linux Distros Unpatched Vulnerability : CVE-2019-20090
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp...
Linux Distros Unpatched Vulnerability : CVE-2020-23912
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize located in Ap4StszAtom.cpp. I...
Linux Distros Unpatched Vulnerability : CVE-2017-14639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow...
Linux Distros Unpatched Vulnerability : CVE-2018-14544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists one invalid memory read bug in AP4_SampleDescription::GetFormat in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a...
Metabase 0.41.x < 0.41.9 / 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.41.x < 1.41.9 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5
The version of Metabase installed on the remote host is affected by multiple vulnerabilities: - an H2 Sample Database Remote Code Execution (RCE), which can be abused by users able to write SQL queries on the H2 databases. Metabase fixed this issue to no longer allow DDL statements in H2 native...
Linux Distros Unpatched Vulnerability : CVE-2025-39686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: Make insn_rw_emulate_bits() do insn->n samples. The insn_rw_emulate_bits() function is used as a default handler for INSN_READ instructions for subdevices that have ...
CVE-2025-39686 comedi: Make insn_rw_emulate_bits() do insn->n samples
In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples. The insn_rw_emulate_bits() function is used as a default handler for INSN_READ instructions for subdevices that have a handler for INSN_BITS but not for INSN_READ. Similarly, it is used as...
Malicious code in sample-package02 (npm)
The package sample-package02 was found to contain malicious code...
MAL-2025-45953 Malicious code in sample-package02 (npm)
The package sample-package02 was found to contain malicious code...
Sitecore XP Insecure Deserialization (SC2025-005)
The version of Sitecore XP running on the remote host is affected by an insecure deserialization vulnerability. Sitecore deployments using the sample key provided with deployment instructions for XP 9.0 or earlier and Active Directory 1.4 are potentially vulnerable to an insecure ViewState...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from the insn->n samples not being handled by the insn_rw_emulate_bits() function of the comedi module...
A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption and potential code execution.
...
PT-2025-40083
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the DAMON (Data Access MONitor) module's RECLAIM and LRU_SORT components. These modules lack validation of user-configured parameters during...
CVE-2025-57612
An issue was discovered in rust-ffmpeg 0.3.0 (after commit 5ac0527). A null pointer dereference vulnerability in the name method allows an attacker to cause a denial of service. The vulnerability exists because the method fails to check for a NULL return value from the av_get_sample_fmt_name C function,...
ffmpeg security vulnerability
ffmpeg is a Rust library by meh, an individual developer. A security vulnerability exists in ffmpeg version 0.3.0, which stems from the name method not checking the av_get_sample_fmt_name return value, which could lead to null pointer dereference and denial of service...
CVE-2025-57612
The CVE-2025-57612 issue affects rust-ffmpeg 0.3.0 (after commit 5ac0527) where name() can dereference NULL when av_get_sample_fmt_name() returns NULL for an unrecognized sample format, leading to denial of service. Documented impact is a high-severity, network-exploitable vulnerability with avai...