130 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access between the reset thread and the TM thread for reply queues. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an inval...
kernel: cifs: Fix integer overflow while processing acdirmax mount option
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
kernel: cifs: Fix integer overflow while processing acregmax mount option
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
DRUPAL-CONTRIB-2025-063
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent the same TFA token within a 30 second window. This vulnerability is mitigated by the fact that an attacker must obtain a valid...
Ensure That a User Is Locked After a Specified Number of Login Failures
If a user fails to log in to the system for a specified number of consecutive times, the system locks the user. That is, the user is not allowed to log in to the system for a specified period of time to prevent malicious system password cracking. During the lockout period, any input is considered...
AZL-60288 CVE-2025-21962 affecting package kernel for versions less than 6.6.85.1-2
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffi...
AZL-60324 CVE-2025-21964 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
DEBIAN-CVE-2025-21963
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
DEBIAN-CVE-2025-21962
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffi...
DEBIAN-CVE-2025-21964
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
UBUNTU-CVE-2025-21963
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
CVE-2025-21963 cifs: Fix integer overflow while processing acdirmax mount option
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
narayana: deadlock via multiple join requests sent to LRA Coordinator
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...
narayana: deadlock via multiple join requests sent to LRA Coordinator
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of...
March 25, 2025—KB5053643 (OS Build 19045.5679) Preview
March 25, 2025—KB5053643 OS Build 19045.5679 Preview Support for Windows 10 has ended on October 14, 2025 After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we...
Debian dla-4085 : tzdata - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4085 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4085-1 [email protected] https://www.debian.org/lts/security/...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost version 9.11.2 and prior versions 9.11.x and version 9.5.10 and prior versions 9.5.x. The vulnerability stems from a failure to protect the MFA code from...
CVE-2024-31151
A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The password string can be...
PT-2024-22620 · Levelone · Levelone Wbr-6012
Name of the Vulnerable Software and Affected Versions: LevelOne WBR-6012 affected versions not specified Description: A security issue exists due to hard-coded credentials in the web services of the affected device. This allows attackers to gain unauthorized access within the first 30 seconds aft...
GHSA-XMMM-JW76-Q7VG Keycloaks's One Time Passcode (OTP) is valid longer than expiration timeSeverity
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...