3229 matches found

CNNVD
added 2025/03/31 12:00 a.m. · 3 views

PyTorch Buffer Error Vulnerability

PyTorch is a Python package open-sourced by PyTorch. PyTorch suffers from a buffer overflow vulnerability that stems from the failure of the function torch.nn.utils.rnn.pad_packed_sequence to properly validate the length size of input data, which can be exploited by an attacker to execute arbitrary...

CVSS 5.3 · AI score 8.1 · EPSS 0.00161
Exploits: 0 · References: 1
Positive Technologies
added 2025/03/31 12:00 a.m. · 2 views

PT-2025-13774 · Pytorch +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0. Description: A critical issue has been identified, affecting the torch.nn.utils.rnn.pad_packed_sequence function, which can lead to memory corruption. This issue requires local access to exploit. Recommendations: For...

CVSS 5.3 · AI score 5 · EPSS 0.00161
Exploits: 0 · References: 19
SUSE Linux
added 2025/03/27 2:32 p.m. · 4 views

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set...

CVSS 8.8 · AI score 8.1 · EPSS 0.03558
Exploits: 4 · References: 1694
RedhatCVE
added 2025/03/27 1:34 p.m. · 7 views

CVE-2024-12169

A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies if secure communication using IEC 62351-3 TLS is enabled...

CVSS 8.7 · AI score 6.8 · EPSS 0.00339
Exploits: 0 · References: 1
BDU FSTEC
added 2025/03/27 12:00 a.m. · 4 views

The vulnerability in the module sound/core/seq/oss/seq_oss_synth.c of the Linux operating system allows a hacker to cause a service failure.

The vulnerability in the sound/core/seq/oss/seq_oss_synth.c module of the Linux operating system is related to synchronization errors when using a shared resource during the processing of SysEx messages. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.7 · EPSS 0.0016
Exploits: 0 · References: 10 · Affected Software: 4
CNVD
added 2025/03/26 12:00 a.m. · 2 views

Zoom Workplace App for iOS Denial of Service Vulnerability

Zoom Workplace App for iOS is an AI-first collaboration platform from Zoom Communications designed for iOS devices. A denial of service vulnerability exists in Zoom Workplace App for iOS, which stems from a misordered behavioral sequence, and can be exploited by an attacker to cause a denial of...

CVSS 7.1 · AI score 6.6 · EPSS 0.00456
Exploits: 0 · References: 1
Huntr
added 2025/03/23 5:21 p.m. · 8 views

Timing attacks to guess password in lollms_authentication.py

Description: The authenticateuser function in /server/endpoints/lollms_authentication.py is vulnerable to timing attacks that can be exploited to: enumerate valid usernames; guess passwords incrementally by analyzing response time differences. Explanation of the vulnerability: def...

CVSS 7.5 · AI score 6.9 · EPSS 0.00371
Exploits: 0
Tenable Nessus
added 2025/03/15 12:00 a.m. · 11 views

SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2025:0874-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0874-1 advisory. - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1237141) -...

CVSS 7.5 · AI score 7.1 · EPSS 0.01069
Exploits: 1 · References: 10
SUSE Linux
added 2025/03/14 2:47 p.m. · 1 view

Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1237141) - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1238607)...

CVSS 8.7 · AI score 6.8 · EPSS 0.01069
Exploits: 1 · References: 12
OSV
added 2025/03/14 2:47 p.m. · 9 views

SUSE-SU-2025:0874-1 Security update for rubygem-rack

This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1237141) - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1238607) -...

CVSS 7.5 · AI score 7.5 · EPSS 0.01069
Exploits: 1 · References: 7
CNVD
added 2025/03/13 12:00 a.m. · 1 view

Ubiquiti UniFi Protect Cameras Code Execution Vulnerability

Ubiquiti UniFi Protect Cameras is a line of security cameras from Ubiquiti Networks that support the UniFi Protect platform for centralized management with remote access, smart monitoring and more. A code execution vulnerability exists in Ubiquiti UniFi Protect Cameras that stems from improper...

CVSS 7.5 · AI score 8.4 · EPSS 0.00722
Exploits: 0 · References: 1
OSV
added 2025/03/12 4:15 p.m. · 4 views

CVE-2025-20115

A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to a memory corruption that occurs when a BGP update is created with a...

CVSS 8.6 · AI score 5.8 · EPSS 0.00922
Exploits: 0 · References: 2
CNNVD
added 2025/03/12 12:00 a.m. · 1 view

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect initialization sequence, which could lead to a corrupted lock...

CVSS 5.5 · AI score 6.4 · EPSS 0.0021
Exploits: 0 · References: 6
CNNVD
added 2025/03/11 12:00 a.m. · 2 views

Datalust Seq Cross-Site Request Forgery Vulnerability

Datalust Seq is a logging server from Datalust Australia. It is used to speed up diagnostics in complex, asynchronous and distributed applications. A cross-site request forgery vulnerability exists in Datalust Seq versions prior to 2024.3.13545, which stems from a lack of Content-Type validation,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00175
Exploits: 0 · References: 4
BDU FSTEC
added 2025/03/11 12:00 a.m. · 2 views

The vulnerability of the DNN CMS system, related to the improper implementation of the sequence of actions to be performed, allows a perpetrator to gain unauthorized access to the system’s functions.

The vulnerability of the DNN CMS system is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the system’s functions...

CVSS 6.8 · AI score 5.4 · EPSS 0.00214
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/03/06 4:15 p.m. · 1 view

DEBIAN-CVE-2024-58063

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path. Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue...

CVSS 5.5 · AI score 5.7 · EPSS 0.00187
Exploits: 0 · References: 1
Amazon
added 2025/03/06 12:00 a.m. · 3 views

Medium: microcode_ctl

Issue Overview: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access. (CVE-2024-31068) Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel...

CVSS 6.8 · AI score 6.3 · EPSS 0.00217
Exploits: 0
CVE
added 2025/03/04 11:58 p.m. · 48 views

CVE-2025-23410

GMOD Apollo is affected by a relative path traversal vulnerability in the web interface when uploading organism/sequence data. The root cause is that uploaded archives are unzip-inspected but not checked for path traversal in supported archive types, potentially allowing access to restricted path...

CVSS 9.8 · AI score 7.2 · EPSS 0.0061
Exploits: 0 · References: 1
Vulnrichment
added 2025/03/04 11:58 p.m. · 6 views

CVE-2025-23410 GMOD Apollo Relative Path Traversal

When uploading organism or sequence data via the web interface, GMOD Apollo will unzip and inspect the files and will not check for path traversal in supported archive types...

CVSS 9.8 · AI score 7.2 · EPSS 0.0061
Exploits: 0 · References: 1
Github Security Blog
added 2025/03/04 3:27 p.m. · 6 views

Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection

Summary: Rack::Sendfile can be exploited by crafting input that includes newline characters to manipulate log entries. Details: The Rack::Sendfile middleware logs unsanitized header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences such as newline...

CVSS 7.5 · AI score 7.2 · EPSS 0.00699
Exploits: 0 · References: 8 · Affected Software: 1