Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content bsc1239863 CVE-2024-54467: Fixed data exilfration cross-origin due to a cookie management issue via a malicious website bsc1239864 Other fixes: ...

PT-2025-16714

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a mismatch in the increment and decrement of r count in the ksmbd module. This mismatch occurs because r count is only increased when there is an oplock break wai...

CVE-2024-10110

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

RHEL 8 : mysql:8.0 (RHSA-2025:2882)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:2882 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries...

RHEL 8 : mysql:8.0 (RHSA-2025:2883)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:2883 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries...

PT-2025-16751

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the handling of SIOCBRADDIF and SIOCBRDELIF in the dev ioctl function, which can cause unnecessary RTNL dan...

LlamaIndex Improper Handling of Exceptional Conditions vulnerability

A vulnerability in the LangChainLLM class of the run-llama/llamaindex repository, version v0.12.5, allows for a Denial of Service DoS attack. The streamcomplete method executes the llm using a thread and retrieves the result via the getresponsegen method of the StreamingGeneratorCallbackHandler...

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the /3/Parse endpoint. An attacker can exhaust all available threads, leading to a complete denial of service by sending multiple simultaneous requests. PoC python import threading impo...

Denial of Service (DoS)

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Denial of Service DoS due to the ScheduledStatusReporter object being instantiated to run on the main thread of the tracking server. An attacker can block the main...

Aim Vulnerable to Denial of Service (DoS)

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

CVE-2024-10110

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

CVE-2024-10110

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

CVE-2024-10110 Denial of Service in aimhubio/aim

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

CVE-2024-10110 Denial of Service in aimhubio/aim

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

CVE-2024-10110

The CVE-2024-10110 issue affects aimhubio/aim (version 3.23.0) where the ScheduledStatusReporter can be instantiated to run on the tracking server’s main thread, blocking it and causing DoS by making the server unresponsive to other requests. Multiple connected sources corroborate the description...

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version v0.12.5 that stems from an unhandled thread exception and could lead to a denial of service attack...

H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint

A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service DoS attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...

RLSA-2025:1671 Important: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date pars...

mysql: MySQL Server: Denial of service in Thread Pooling component

A flaw was found in MySQL Server Thread Pooling component. This vulnerability allows a denial of service DoS via network access through multiple protocols by an unauthenticated attacker...

Important: Red Hat Security Advisory: mysql:8.0 security update

An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...