Linux Distros Unpatched Vulnerability : CVE-2021-47123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: iouring: fix ltout double free on completion race Always remove linked timeout on...

Linux Distros Unpatched Vulnerability : CVE-2022-49746

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: imx-sdma: Fix a possible memory leak in sdmatransferinit If the function sdmaloadcontext fails, the sdmadesc will be freed, but the allocated desc-bd...

io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout

A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError...

OESA-2025-1925 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfcissueelsflogi fails and returns non-zero status, the node reference count ...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback CVE-2022-50092 In the Linux kernel, the following vulnerability has been resolved: sched, cpuset: Fix dlcpubusy panic due to empty cs-cpusallowed...

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...

XSS.IS Cybercrime Forum Seized After Admin Arrested in Ukraine

XSS.IS has been seized after its admin was arrested in Ukraine, however its dark web and mirror domains only show a 504 Gateway Timeout error...

SUSE-SU-2025:02349-1 Security update for bind

This update for bind fixes the following issues: - Upgrade to release 9.20.11 - CVE-2025-40777: Fixed a possible assertion failure when stale-answer-client-timeout is set to 0. bsc1246548...

Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.11 CVE-2025-40777: Fixed a possible assertion failure when stale-answer-client-timeout is set to 0. bsc1246548 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

ALPINE-CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

DEBIAN-CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

AZL-65553 CVE-2025-40777 affecting package bind for versions less than 9.20.15-1

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

USN-7641-1 bind9 vulnerability

It was discovered that Bind incorrectly handled configurations where the stale-answer-client-timeout option is set to 0. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

CVE-2025-40777

Summary: CVE-2025-40777 affects ISC BIND 9 where a named caching resolver configured with serve-stale-enable=yes and stale-answer-client-timeout=0 can abort due to an assertion failure while resolving a CNAME chain. Affected versions include BIND 9.20.0–9.20.10, 9.21.0–9.21.9, and 9.20.9-S1–9.20....

UBUNTU-CVE-2025-40777

If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...

Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

Impact The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommende...