4528 matches found
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint
A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...
RLSA-2025:1671 Important: mysql security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fixes: openssl: SSL_select_next_proto buffer overread (CVE-2024-5535); krb5: GSS message token handling (CVE-2024-37371); curl: libcurl: ASN.1 date pars...
mysql: MySQL Server: Denial of service in Thread Pooling component
A flaw was found in the MySQL Server Thread Pooling component. This vulnerability allows a denial of service (DoS) via network access through multiple protocols by an unauthenticated attacker...
Important: Red Hat Security Advisory: mysql:8.0 security update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: mysql:8.0 security update
An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated thi...
X.Org X Server Security Vulnerability
X.Org X Server is an X Window System display server from the X.Org Foundation. A security vulnerability exists in X.Org X Server versions 20.11 through 21.1.16, which stems from the main thread failing to acquire a lock when modifying a data structure used by an input thread, potentially resultin...
CVE-2022-49737
CVE-2022-49737 affects X.Org X server 20.11–21.1.16. The issue is a race condition in the main thread where, when a client uses easystroke for mouse gestures, AttachDevice (dix/devices.c) accesses input-thread data structures without acquiring the input lock. This can enable data-structure modifi...
Security update for curl
This update for curl fixes the following issues: Update to 8.12.1: Bugfixes: asyn-thread: fix build with 'CURL_DISABLE_SOCKETPAIR'; asyn-thread: fix HTTPS RR crash; asyn-thread: fix the returned bitmask from Curl_resolver_getsock; asyn-thread: survive a c-ares channel set to NULL; cmake: always reference...
CVE-2025-25568
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's o...
CVE-2024-10838
CVE-2024-10838 — Concrete details: The vulnerability affects Eclipse Cyclone DDS (DDS) and is due to an integer underflow in the DDS_Security_Deserialize_ methods during deserialization, which can enable an unauthenticated attacker to read out-of-bounds heap memory. The impact per documents incl...
btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
...
ila: serialize calls to nf_register_net_hooks()
...
AZL-62534 CVE-2025-21825 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT. During the update procedure, when overwrite element in a pre-allocated htab, the freeing of old_element is protected by the bucket lock. The reason why the bucket lock...
CVE-2024-58048
Multi-thread problem vulnerability in the package management module Impact: Successful exploitation of this vulnerability may affect availability...
Linux Distros Unpatched Vulnerability : CVE-2024-56613
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state. Problem Description: When...
PT-2025-25841
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the rseq feature. The issue occurs when the rseq_cs field is non-zero during registration, which can cause a segfault on...
Linux Distros Unpatched Vulnerability : CVE-2024-44946
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is: 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb...
Linux Distros Unpatched Vulnerability : CVE-2022-21680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def may cause catastrophic backtracking against some strings and...
Linux Distros Unpatched Vulnerability : CVE-2022-48921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity. Syzbot found a GPF in reweight_entity. This has been...