167 matches found
CVE-2025-40092 usb: gadget: f_ncm: Refactor bind path to use __free()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...
Subscription Health Dashboard 2025 Update
Deployment health is mission-critical in today’s digital environment. Duplicate records, ghost hosts, and stale data obscure insights, slow decisions, and erode confidence. Building on last year’s Subscription Health Dashboard blog and best practices, the 2025 update delivers cleaner visibility,...
EUVD-2021-13206
Malware in sbrugna...
EUVD-2024-32639
Malicious code in bioql PyPI...
EUVD-2023-35657
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-4076
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue...
CVE-2025-38511
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...
CVE-2025-38511 drm/xe/pf: Clear all LMTT pages on alloc
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...
PT-2025-33554
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the DRM/XE/PF subsystem related to the allocation of LMTT pages. LMEM buffer objects are not cleared by default during allocation, and during VF...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/uringcmd: unconditionally copy SQEs at prep time This isn't generally necessary, but conditions have been observed where SQE data is accessed from the original SQE after prep has been done and outside of the initial issue...
Linux Distros Unpatched Vulnerability : CVE-2023-31346
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. CVE-2023-31346 Note that Nessus relies on t...
Astra Linux – Vulnerability in bind9
Client queries that trigger the delivery of stale data and also require lookups in local authoritative zone data may result in assertion failures. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...
Qualys Performance Tuning Series: Remove Stale Compliance Data for the Best Performance
In our first post in the Performance Tuning Series, we talked about removing stale assets to improve performance. In this installment, we will address the benefits of removing data once it becomes stale. Why does data become stale? The IT environment of any enterprise is very dynamic, and more so...
Security Bulletin: IBM Technical Support Appliance - possible access to stale data
Summary Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests. Vulnerability Details CVEID:CVE-2023-31346 DESCRIPTION: AMD SEV-SNP Firmware could allow a local authenticated attacker to obtain sensitive information, caused by the failu...
MGASA-2024-0342 Updated bind packages fix security vulnerabilities
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. CVE-2024-0760 Resolver caches and authoritative zone databases that...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2765)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2545)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: serial: core: fix transmit-buffer reset and memleak
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix transmit-buffer reset and memleak Commit 761ed4a94582 "tty: serialcore: convert uartclose to use ttyportclose" converted serial core to use ttyportclose but failed to notice that the transmit buffer still needs ...
CLSA-2024-1726583188 bind: Fix of 2 CVEs
CVE-2024-4076: avoid assertion failure from client queries triggering stale data and needing local zone lookups - CVE-2024-1975: remove support for SIG0 message verification...
bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content
A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server...