GNU Binutils Denial of Service Vulnerability (CNVD-2025-21054)

GNU Binutils is a set of binary tools developed by the GNU Project, mainly used to deal with target files e.g., executables, libraries, etc., covering compilation, linking, debugging, and other phases of the function. A denial of service vulnerability exists in GNU Binutils, which arises from...

Oracle Linux 8 : curl (ELSA-2023-2963)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2963 advisory. - fix HTTP multi-header compression denial of service CVE-2023-23916 - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552...

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2023-1931)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when...

kernel: srcu: Tighten cleanup_srcu_struct() GP checks

In the Linux kernel, the following vulnerability has been resolved: srcu: Tighten cleanupsrcustruct GP checks Currently, cleanupsrcustruct checks for a grace period in progress, but it does not check for a grace period that has not yet started but which might start at any time. Such a situation...

PT-2025-25916 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A double free vulnerability in the Linux kernel on s390 architecture occurs when the fork system call fails after the initial task duplication and before the copy thread function is...

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-1633)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when...

RHEL 8 : kernel (RHSA-2023:1841)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1841 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/ulp: use-after-free in listening UL...

Resizing tokenIds is wrong in CollectionBatchBuyOperator.execute()

Lines of code Vulnerability details Impact The implementation of resizing an array is wrong in assembly, so the length of the array tokenIds will be wrong. Proof of Concept In CollectionBatchBuyOperator.execute, tokenIds should be resized to tokensBought, and the implementation is as follows:...

RHEL 8 : kernel (RHSA-2023:1557)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1557 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: ALSA: pcm: Move rwsem lock inside...

RHEL 8 : kernel-rt (RHSA-2023:1556)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1556 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...

Params of Lien struct are not emitted when lien is created making it difficult to track

Lines of code Vulnerability details Impact Protocol does not store any information about Lien. When users want to interact, they have to send the whole Lien struct along with lienId, and the protocol will verify if this data is correct by hash. This approach reduces onchain storage and can save a...

SUSE-SU-2023:1684-1 Security update for samba

This update for samba fixes the following issues: - CVE-2023-0922: Fixed Samba AD DC admin tool samba-tool sending passwords in cleartext bso15315 bsc1209481. The following non-security bug was fixed: - Prevent use after free of messagingctdbfdeev structs bso15293 bsc1207416...

CBL Mariner 2.0 Security Update: kernel (CVE-2023-0461)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0461 advisory. - There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege...

Memory corruption

A flaw was found in the Linux kernel. A use-after-free may be triggered in asuskbdbacklightset when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the workstruct may be scheduled by...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1581)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2023-1678820199 Fix CVE(s): CVE-2022-43552

SECURITY UPDATE: HTTP Proxy deny use-after-free - debian/patches/CVE-2022-43552.patch: + smb/telnet: do not free the protocol struct in done. + conn: don't free easy handle data in handler-disconnect. - CVE-2022-43552...

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-1438)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

CVE-2023-0461

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIGTLS or CONFIGXFRMESPINTCP has to be configured, but the operation does not require any privilege. There is a...

CVE-2023-0461 Use-after-free vulnerability in the Linux Kernel

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIGTLS or CONFIGXFRMESPINTCP has to be configured, but the operation does not require any privilege. There is a...

CVE-2023-0461

There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIGTLS or CONFIGXFRMESPINTCP has to be configured, but the operation does not require any privilege. There is a...