3362 matches found
Red Hat Quarkus security vulnerability
Red Hat Quarkus is a wireless network from Red Hat, Inc. for optimizing Java specifically for containers and making it an efficient platform for serverless, cloud, and Kubernetes environments. A security vulnerability exists in Red Hat Quarkus that stems from a memory leak caused by a client...
Linux kernel security vulnerability
The Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. ctl is a tool of the FreeBSD Foundation. Provides SCSI target device emulation. A security vulnerability exists in Linux kernel that stems from the presence of data...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the fact that the timer_cycle_us value of rzg2l_wdt may be zero due to a 32-bit overflow, resulting in an invalid timeout val...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a timeout polling request that was not completed, leading to a request disclosure...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the spi fsi driver not implementing a timeout mechanism when polling states, which could lead to an infinite...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the bcmgenet driver not guaranteeing order during register reads and writes, which could lead to a transfer...
PT-2025-8737
Name of the Vulnerable Software and Affected Versions: quarkus-resteasy extension (affected versions not specified). Description: A flaw in the quarkus-resteasy extension causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released...
OESA-2025-1160 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue. When driver processes the internal state change command, it uses an asynchronous thread to process the command...
OESA-2025-1159 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue. When driver processes the internal state change command, it uses an asynchronous thread to process the command...
Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
CVE-2025-0108 - PAN-OS PoC SCRIPT /!\ Disclaimer: This...
The vulnerability of the setSSServer() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the setSSServer function in the cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to the lack of measures to sanitize input data when processing parameters such as password, port, and timeout. Exploiting this vulnerability allows a remote...
The vulnerability of the setSSServer() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the setSSServer function in the cstecgi.cgi script of the TOTOLINK X5000R router’s firmware is related to the lack of measures to sanitize input data when processing parameters such as password, port, and timeout. Exploiting this vulnerability could allow an attacker to execu...
RUSTSEC-2025-0015 Denial of Service via malicious Web Push endpoint
Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...
Denial of Service via malicious Web Push endpoint
Prior to version 0.10.3, the built-in clients of the web-push crate eagerly allocated memory based on the Content-Length header returned by the Web Push endpoint. Malicious Web Push endpoints could return a large Content-Length without ever having to send as much data, leading to denial of servic...
CVE-2024-32354
TOTOLINK X5000R V9.1.0cu.2350B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi...
CVE-2025-25195 Zulip events can leak private channel names
Zulip is an open source team chat application. A weekly cron job added in 50256f48314250978f521ef439cafa704e056539 demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization, not just users in...
PT-2025-16760
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc1-next-20250206-xfstests-dirty 726. Description: A vulnerability in the Linux kernel has been resolved, which could cause a hung task if ext4_inode_attach_jinode fails in ext4_setattr. This failure prevent...
Unbreakable Enterprise kernel security update
5.4.17-2136.340.4.1 - RDS: avoid queueing delayed work on an offlined cpu Praveen Kumar Kannoju Orabug: 37566743 5.4.17-2136.340.4 - ftrace: use preempt_enable/disable notrace macros to avoid double fault Koichiro Den - nfsd: restore callback functionality for NFSv4.0 NeilBrown - i2c: pnx: Fix...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: The state lock is taken during the txtimeout Reporter. The function mlx5e_safe_reopen_channels requires the state lock to be taken. The changes referenced in the “Fixes” section removed the lock requirement to address...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduced a timeout when waiting for the transmitter to become empty. By waiting for at most 1 second until the USR2_TXDC is set, we can avoid a potential deadlock. In the event of a timeout, there’s not much we can d...