3365 matches found

Tenable Nessus
added 2023/05/31 12:0 a.m. · 14 views

Joomla! 1.5.x < 1.5.13 Automated Mail Timeout Bypass

According to its self-reported version, the detected Joomla! application version is 1.5.x prior to 1.5.13 and is affected by an automated mail timeout bypass. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No...

CVSS 5.3 · AI score 7.3 · EPSS 0.00771
Exploits: 0 · References: 2
OSV
added 2023/05/30 4:50 p.m. · 3 views

CVE-2023-33974 RIOT-OS vulnerable to Race Condition in SFR Timeout

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

CVSS 7.5 · AI score 6.7 · EPSS 0.00707
Exploits: 0 · References: 10
Cvelist
added 2023/05/26 12:0 a.m. · 39 views

CVE-2023-28320

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AI score 6.8 · EPSS 0.02658
Exploits: 1 · References: 9
Oracle linux
added 2023/05/24 12:0 a.m. · 35 views

net-snmp security and bug fix update

5.8-27.0.1
- fix error index value when snmpget is used a proxy pass Orabug: 34905643
1:5.8-27
- fix memory leak due of proc file creating 2105957
- fix CVE-2022-44792 and CVE-2022-44793 2141901 and 2141905
- fix memory leak when ipv6 disable set to 1 2151537
- fix proxy timeout issue 2160723...

CVSS 6.5 · AI score 6.9 · EPSS 0.5346
Exploits: 2
CNNVD
added 2023/05/17 12:0 a.m. · 2 views

libcurl Resource Management Error Vulnerability

libcurl is a tool for transferring data from or to a server. A security vulnerability exists in libcurl that stems from allowing name resolution to timeout operations using alarm and siglongjmp, causing the application to crash...

CVSS 5.9 · AI score 6.3 · EPSS 0.02658
Exploits: 1 · References: 15
RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: blk-mq: avoid double ->queue_rq() because of early timeout

In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...

CVSS 5.5 · AI score 6.6 · EPSS 0.00184
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 2 views

kernel: scsi: qla2xxx: Fix crash when I/O abort times out

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] qla2x00_start_nvme_mq+0x3a2/0x4b0 [qla2xxx]...

CVSS 5.5 · AI score 5.7 · EPSS 0.00142
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/16 8:30 a.m. · 5 views

bind: sending specific queries to the resolver may cause a DoS

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query...

CVSS 7.5 · AI score 7.1 · EPSS 0.5017
Exploits: 0 · References: 5
WPVulnDB
added 2023/05/15 12:0 a.m. · 16 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Put the payload below in any of the "Challenge...

CVSS 4.8 · AI score 8.2 · EPSS 0.00442
Exploits: 2 · Affected Software: 1
RedHat Linux
added 2023/05/09 10:4 a.m. · 0 views

kernel: blk-mq: avoid double ->queue_rq() because of early timeout

In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...

CVSS 5.5 · AI score 6.6 · EPSS 0.00184
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 1 views

kernel: Bluetooth: When HCI work queue is drained, only queue chained work

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: When HCI work queue is drained, only queue chained work The HCI command, event, and data packet processing workqueue is drained to avoid deadlock in commit 76727c02c1e1 "Bluetooth: Call drain_workqueue() before resetting...

CVSS 5.5 · AI score 6.3 · EPSS 0.00148
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 2 views

kernel: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...

CVSS 4.7 · AI score 6.3 · EPSS 0.00176
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:4 a.m. · 1 views

kernel: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfac...

CVSS 5.5 · AI score 6.3 · EPSS 0.00187
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/09 10:2 a.m. · 7 views

bind: sending specific queries to the resolver may cause a DoS

A flaw was found in Bind, where a resolver crash is possible. When stale cache and stale answers are enabled, the option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query...

CVSS 7.5 · AI score 7.1 · EPSS 0.5017
Exploits: 0 · References: 5
Positive Technologies
added 2023/05/09 12:0 a.m. · 7 views

PT-2025-41059

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel’s block management queue (blk-mq) subsystem where a double queue rq call can occur due to early timeouts. This can be triggered in virtual machine use cas...

CVSS 5.5 · AI score 7.2 · EPSS 0.00184
Exploits: 0 · References: 19
Positive Technologies
added 2023/05/09 12:0 a.m. · 5 views

PT-2025-8518 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists in the Linux kernel related to the sysctl tcp fastopen blackhole timeout variable. This issue occurs because the variable can be changed concurrently while bei...

CVSS 8.8 · AI score 6.6 · EPSS 0.03763
Exploits: 13 · References: 284
OSV
added 2023/05/03 3:15 p.m. · 4 views

CVE-2023-29163

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 · AI score 7.1 · EPSS 0.00616
Exploits: 0 · References: 1
Prion
added 2023/05/03 3:15 p.m. · 23 views

Code injection

When UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5 · AI score 7.5 · EPSS 0.00616
Exploits: 0 · References: 1 · Affected Software: 19
CVE
added 2023/05/03 2:34 p.m. · 61 views

CVE-2023-29163

Summary: CVE-2023-29163 affects F5 BIG-IP’s UDP profile when Idle Timeout is set to Immediate or 0, causing the Traffic Management Microkernel (TMM) to terminate and potentially DoS the system. The issue is a data-plane vulnerability that disrupts traffic as TMM restarts; exploitation is remote a...

CVSS 7.5 · AI score 7.6 · EPSS 0.00616
Exploits: 0 · References: 1 · Affected Software: 19
F5 Networks
added 2023/05/03 12:54 p.m. · 19 views

K20145107: BIG-IP UDP profile vulnerability CVE-2023-29163

Security Advisory Description: When a UDP profile with Idle Timeout set to Immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. (CVE-2023-29163) Impact: Traffic is disrupted while the TMM process restarts. This...

CVSS 7.5 · AI score 7.6 · EPSS 0.00616
Exploits: 0 · Affected Software: 13