12256 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from unchecked sock4 and sock6 pointers, which could lead to null pointer dereferences...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not freeing socketdata, which could lead to a memory leak...
PT-2025-53050
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mt76 mt7921 driver related to handling of transmit status txs in AMSDU Aggregated Multiple Small Data Units. If frames are aggregated in AMSDU, txs ma...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible loss of txs in AMSDU by mt76 mt7921, which could lead to SKB leaks and network pauses...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from insufficient space in the skb tail, which could lead to out-of-bounds access...
PT-2025-53238
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.5 Description The Linux kernel contains a flaw in the unix stream sendpage function related to a null-pointer dereference. This issue arises when handling sockets in a loop, potentially leading to a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of an incorrect destructor function for the IPv6 request socket, which could lead to a memory leak...
SUSE CVE-2025-59529
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...
kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
A flaw was found in the TCP subsystem in tcpdisconnect of the Linux kernel.The server-side TCP Fast Open socket was reused as a new client before the TFO socket completes, leading to an information leak...
kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
A flaw was found in the TCP subsystem in tcpdisconnect of the Linux kernel.The server-side TCP Fast Open socket was reused as a new client before the TFO socket completes, leading to an information leak...
PT-2026-2607
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The rose kill by device function in the Linux kernel incorrectly indexes an array, potentially leading to an out-of-bounds read or an invalid socket pointer dereference. The function...
SUSE CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Windows
Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Apache Log4j 2.x < 2.25.3 Missing TLS Hostname Verification Vulnerability - Linux
Apache Log4j is prone to a missing TLS hostname verification vulnerability in the socket appender. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Improper Validation of Certificate with Host Mismatch
Overview org.apache.logging.log4j:log4j-core is a logging library for Java. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch due to the lack of TLS hostname verification in the SocketAppender component. An attacker can intercept or redirect...
GHSA-VC5P-V9HR-52MJ Apache Log4j does not verify the TLS hostname in its Socket Appender
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true. This issue may allow a...
Apache Log4j does not verify the TLS hostname in its Socket Appender
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName configuration attribute or the log4j2.sslVerifyHostName system property is set to true. This issue may allow a...
CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
DEBIAN-CVE-2025-68161
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.htmlSslConfiguration-attr-verifyHostName configuration attribut...
AZL-72851 CVE-2025-59529 affecting package avahi 0.8-5
Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...