3323 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unpurified configuration option in comedi:multiq3, which could lead to a task timeout...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SAE - React2Shell Auto-Exploit A Firefox extension...
CVE-2025-9613
A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
October 14, 2025—KB5066782 (OS Build 20348.4294)
October 14, 2025—KB5066782 OS Build 20348.4294 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the pa...
PT-2026-2507
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's networking subsystem related to handshake cancellations. Specifically, duplicate cancellation requests for the same handshake request can lead to a...
PCI-SIG PCI Express Integrity and Data Encryption 安全漏洞
PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient guidance for label reuse after a completion timeout, which could result in multiple...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-22432
In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...
sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
...
CVE-2025-40281
In the Linux kernel, CVE-2025-40281 affects SCTP in net/sctp/transport.c, where a shift-out-of-bounds could occur in sctp_transport_update_rto if rto_alpha_max/rto_beta_max were very large. The fix adds a run-time test to prevent regressions and includes READ_ONCE() annotations since sysctl value...
vsock: Ignore signal/timeout on connect() if already established
...
CVE-2025-40248
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...
SUSE CVE-2025-40248
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...
CVE-2025-40248
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...
UBUNTU-CVE-2025-40248
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...
CVE-2025-40248
CVE-2025-40248 affects the Linux kernel vsock connect path, where signaling/timeout handling can race with established sockets, potentially causing use-after-free, sockmap state issues and linger behavior. Public advisories (MGASA-2026-0018 and vendor advisories) confirm a fix in kernel versions ...
CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...
EUVD-2025-201209
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...
CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsocktransportcancelpkt -...