PT-2025-35816

Name of the Vulnerable Software and Affected Versions: Adacore Ada Web Server AWS versions prior to 25.2 Description: The Adacore Ada Web Server AWS is susceptible to a denial-of-service DoS condition resulting from improper handling of SSL handshakes during connection initialization. The server...

CVE-2025-8614 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

kernel: can: peak_usb: fix use after free bugs

In the Linux kernel, the following vulnerability has been resolved: can: peakusb: fix use after free bugs After calling peakusbnetifrxniskb, dereferencing skb is unsafe. Especially, the canframe cf which aliases skb memory is accessed after the peakusbnetifrxni. Reordering the lines solves the...

kernel: udp: Fix memory accounting leak.

A memory overflow vulnerability exists within the Linux kernel's networking subsystem. Specifically, an application can set the SORCVBUF socket option to its maximum value INTMAX, which triggers an integer overflow within the udprmemrelease function during socket closure. The udpdestructcommon...

PT-2025-38555

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the ax25 kiss rcv function where input skbs are not properly checked for sharing before being queued or manipulated. This can lead to skb-dev becoming...

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: netsched: hfsc: Fix a potential UAF in hfscdequeue too CVE-2025-37823 kernel: i40e: fix MMIO write access to an invalid page in i40eclearhw CVE-2025-38200 kernel: RDMA/iwcm: Fix...

Linux Distros Unpatched Vulnerability : CVE-2025-38618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made ...

PT-2025-49727

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to a race condition in the sockmap functionality involving skb socket buffer reference counts. Specifically, a race can occur where skbs from the...

Linux Distros Unpatched Vulnerability : CVE-2025-38571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over...

CVE-2025-9474

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach...

Linux Distros Unpatched Vulnerability : CVE-2023-47641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...

Linux Distros Unpatched Vulnerability : CVE-2022-25643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket...

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

Linux Distros Unpatched Vulnerability : CVE-2025-47792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user...

Linux Distros Unpatched Vulnerability : CVE-2019-13611

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking CSWSH vulnerability that allows attackers to make WebSocket...

Linux Distros Unpatched Vulnerability : CVE-2020-25652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in...

kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

CVE-2025-9474

A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. The attack requires a local approach...

CVE-2025-9474

CVE-2025-9474 affects Mihomo Party up to version 1.8.1 on macOS. The vulnerability is in the enableSysProxy function of src/main/sys/sysproxy.ts within the Socket Handler component and results in creation of a temporary file with insecure permissions. The attack is local in scope and described as...