11 matches found
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from xfrm not safely canceling the hash of the xfrmstate list in the xfrmstatedelete function. This...
SUSE CVE-2025-40215
In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x-tunnel as we delete x The ipcomp fallback tunnels currently get deleted from the various lists and hashtables as the last user state that needed that fallback is destroyed not deleted. If a reference to that user...
UBUNTU-CVE-2025-40256
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...
EUVD-2025-201201
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...
CVE-2025-40215
In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x-tunnel as we delete x The ipcomp fallback tunnels currently get deleted from the various lists and hashtables as the last user state that needed that fallback is destroyed not deleted. If a reference to that user...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from incomplete xfrm state deletion, which could lead to a resource leak...
UBUNTU-CVE-2025-39965
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrmallocspi shouldn't use 0 as SPI x-id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 "xfrm: Duplicate SPI Handling", we now create states and add them to the byspi list with this value. xfrmstatedelete...
CVE-2025-8805
A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smfgsmstatewaitpfcpdeletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the publ...
Linux Distros Unpatched Vulnerability : CVE-2024-49953
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling xfrmstatedelete twice The km.state is not checked in...
FreeBSD : Gitlab -- Multiple vulnerabilities (174e466b-1d48-11eb-bd0f-001b217b3468)
Gitlab reports : Path Traversal in LFS Upload Path traversal allows saving packages in arbitrary location Kubernetes agent API leaks private repos Terraform state deletion API exposes object storage URL Stored-XSS in error message of build-dependencies Git credentials persisted on disk Potential...
MediaWiki security bypass vulnerability (CNVD-2017-06567)
MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki. A remote attacker can exploit t...