MiracleLinux 9 : kernel-5.14.0-570.30.1.el9_6 (AXSA:2025-10778:57)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10778:57 advisory. kernel: media: uvcvideo: Fix double free in error path CVE-2024-57980 kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kerne...

CVE-2025-59398

The OCPP implementation in libocpp before 0.26.2 allows a denial of service EVerest crash via JSON input larger than 255 characters, because a CiString object is created with StringTooLarge set to Throw...

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

FastAPI Guard has a regex bypass

Summary The regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. Details In version 3.0.1, you can find a commit like the one in the link below, which was made to prevent ReDoS...

DEBIAN-CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVE-2025-46727

Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, Rack::QueryParser parses query strings and application/x-www-form-urlencoded bodies into Ruby data structures without imposing any limit on the number of parameters, allowing attackers to send requests with...

CVE-2025-21905

CVE-2025-21905 refers to a Linux kernel issue in the iwlwifi path where a printed string from a firmware TLV could read beyond the buffer due to missing NUL-termination. The root cause is printing beyond the end of the TLV if the file isn’t NUL-terminated, potentially reading past the file buffer...

NetcPlus BrowseGate 2.80 - Denial of Service

NetcPlus BrowseGate 2.80 - Denial of Service source: https://www.securityfocus.com/bid/1702/info NetcPlus BrowseGate 2.80 will crash as the result of an invalid read error if a number of character strings consisting of 8 KB are inserted into GET request arguments through port 80. For example: GET...