12634 matches found
PT-2025-36275
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an out-of-bounds bug in the rtl9300 i2c smbus xfer function. The data-block0 variable, sourced from user input, lacks proper validation, potentially leading t...
Linux Distros Unpatched Vulnerability : CVE-2025-9901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup's caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : KMail Account Wizard vulnerability (USN-7732-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7732-1 advisory. It was discovered that KMail Account Wizard used HTTP rather than HTTPS when retrieving certain email server configurations. A...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly updating transfer values, which could lead to data corruption...
CVE-2024-49728
In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible cross user media disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-12973
Origin Validation Error vulnerability in Akinsoft OctoCloud allows HTTP Response Splitting, CAPEC - 87 - Forceful Browsing. This issue affects OctoCloud: from s1.09.01 before v1.11.01...
io_uring: drop any code related to SCM_RIGHTS
...
Potential iSCSI R2T PDU Vulnerability
...
Excessive resource consumption in net/http, net/textproto and mime/multipart
...
i2c: lpi2c: Avoid calling clk_get_rate during transfer
...
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
...
Denial of service due to improper 100-continue handling in net/http
...
drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func
...
scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
...
CVE-2025-58056
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...
Linux Distros Unpatched Vulnerability : CVE-2017-15042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on...
CVE-2024-49728
CVE-2024-49728 affects Android Bluetooth code via generateFileInfo in BluetoothOppSendFileInfo.java, enabling a confused deputy to cause cross-user media disclosure. The issue yields local information disclosure without additional privileges and does not require user interaction to exploit, per t...
Linux Distros Unpatched Vulnerability : CVE-2021-33037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...