3397 matches found
CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
CVE-2025-40777 A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
UBUNTU-CVE-2025-40777
If a named caching resolver is configured with serve-stale-enable yes, and with stale-answer-client-timeout set to 0 the only allowable value other than disabled, and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or...
CVE-2025-53634
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyo...
Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout
Impact The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service DoS. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommende...
UBUNTU-CVE-2025-38289
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in devlosstmocallbk Smatch detected a potential use-after-free of an ndlp oject in devlosstmocallbk during driver unload or fatal error handling. Fix by reordering code to avoid...
Chall-Manager 安全漏洞
Chall-Manager is an open source project from CTFer.io open source. A security vulnerability exists in Chall-Manager versions prior to 0.1.4, which stems from an unset timeout on the HTTP gateway, which could lead to a denial of service triggered by a slow loris attack...
SUSE CVE-2025-38238
In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnicwqcmplhandler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same fram...
CVE-2025-38238
In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnicwqcmplhandler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same fram...
CVE-2025-38238 scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out
In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnicwqcmplhandler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same fram...
CVE-2025-38238
CVE-2025-38238 : In the Linux kernel, the SCSI fnic driver (fnic_wq_cmpl_handler) crashes when both FDMI RHBA and RPA requests time out due to reusing the same frame to send ABTS for both. The root cause is the double-free of a frame on send completion. The fix allocates separate frames for RHBA ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an FDMI timeout in fnicwqcmplhandler that causes a crash...
container-tools:rhel8 security update
aardvark-dns buildah cockpit-podman conmon containernetworking-plugins containers-common container-selinux criu crun fuse-overlayfs libslirp netavark oci-seccomp-bpf-hook podman 4.9.4-22.0.1 - Fixes issue of container created in cgroupv2 not start in cgroupv1 Orabug: 36136813 - Fixes container...
DEBIAN-CVE-2025-38094
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macbhalttx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never...
UBUNTU-CVE-2025-38094
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macbhalttx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts disabled, we never...
PT-2025-37205
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the ath10k driver where, in rare cases, the driver may lose connection with the PCIe bus. This can lead to system crashes during resuming due to...
Synchronous Access of Remote Resource without Timeout
Overview Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout via the rekey and recovery key operations. An attacker can disrupt service availability by triggering uncontrolled cancellation actions during these processes, which can lead to deni...
Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP4)
This update for the Linux Kernel 5.14.21-15040024128 fixes several issues. The following security issues were fixed: CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231. CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing...
undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol
A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...
SUSE-SU-2025:20436-1 Security update for kernel-livepatch-MICRO-6-0_Update_2
This update for kernel-livepatch-MICRO-6-0Update2 fixes the following issues: - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inetcreate bsc1235231 - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing bsc1233708 - CVE-2024-50301: security/keys:...