PT-2025-34154

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...

Linux Distros Unpatched Vulnerability : CVE-2023-49786

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk prior to versions 18.20.1, 20.5.1, and 21.0.1; as well as certified-asteri...

PT-2025-33899 · Commvault · Commvault

Name of the Vulnerable Software and Affected Versions: Commvault versions prior to 11.36.60 Description: An issue was discovered in Commvault that allows remote attackers to exploit default credentials to gain administrative control during the brief period between installation and the first...

Linux Distros Unpatched Vulnerability : CVE-2023-32253

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's ksmbd component. A deadlock is triggered by sending multiple concurrent session setup requests, possibly leading to a...

Linux Distros Unpatched Vulnerability : CVE-2022-37325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, and 19.x through 19.6.0, an incoming Setup message to addons/ooh323c/src/ooq931.c with a...

Tenda AC6 V5.0 missing initial setup authentication vulnerability

Talos Vulnerability Report TALOS-2025-2163 Tenda AC6 V5.0 missing initial setup authentication vulnerability August 20, 2025 CVE Number CVE-2025-24322 SUMMARY An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A...

DEBIAN-CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

CVE-2025-38585

In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmingetvarint When gmingetconfigvar calls efi.getvariable and the EFI variable is larger than the expected buffer size, two behaviors combine to create a stack buffer overflow...

CVE-2025-38561

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix PreauhHashValue race condition If client send multiple session setup requests to ksmbd, PreauhHashValue race condition could happen. There is no need to free sess-PreauhHashValue at session setup phase. It can be freed...

DEBIAN-CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

DEBIAN-CVE-2025-38561

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix PreauhHashValue race condition If client send multiple session setup requests to ksmbd, PreauhHashValue race condition could happen. There is no need to free sess-PreauhHashValue at session setup phase. It can be freed...

UBUNTU-CVE-2025-38595

In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabufexpfrompages dmabuffd fixes; no preferences regarding the tree it goes through - up to xen folks As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine fo...

CVE-2025-38610 powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

CVE-2025-38610

CVE-2025-38610 affects the Linux kernel powercap codebase, specifically the dtpm_cpu path. The vulnerability is caused by a NULL dereference in get_pd_power_uw() when em_cpu_get() returns NULL, which can occur if a CPU becomes unavailable at runtime and get_cpu_device() yields NULL, propagating t...

CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

CVE-2025-38571 sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38562 ksmbd: fix null pointer dereference error in generate_encryptionkey

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38561 ksmbd: fix Preauh_HashValue race condition

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix PreauhHashValue race condition If client send multiple session setup requests to ksmbd, PreauhHashValue race condition could happen. There is no need to free sess-PreauhHashValue at session setup phase. It can be freed...

CVE-2025-38561

The CVE-2025-38561 entry describes a race condition in ksmbd (Linux kernel) where Preauh_HashValue could race if a client sends multiple session setup requests. The provided documents confirm the vulnerability and its fix: the Preauh_HashValue value should not be freed during the session setup ph...