12640 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-6827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default...
kernel: xhci: handle isoc Babble and Buffer Overrun events properly
A flaw was found in the Linux kernel related to the Extensible Host Controller Interface xHCI subsystem, specifically how it handles certain events. The issue arises when the xHCI driver improperly handles isochronous isoc Babble and Buffer Overrun events. The vulnerability occurs because the xHC...
VTun-ng 安全漏洞
vtun-ng is an application by Jan-Espen Oversand Individual Developer. A security vulnerability exists in VTun-ng 3.0.17 and earlier versions, which stems from a failure in the initialization of the cryptographic module that could lead to a plaintext transfer...
Linux Distros Unpatched Vulnerability : CVE-2024-27409
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup The...
CVE-2025-55014
The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP...
kernel: nvme-tcp: sanitize request list handling
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvmetcphandler2t to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing...
kernel: net: atm: fix use after free in lec_send()
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lecsend The -send operation frees skb so save the length before calling -send to avoid a use after free...
CVE-2025-54792
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
The vulnerability in the FTP-server administrator web interface of Wing allows a hacker to increase their privileges.
The vulnerability in the FTP server administrator’s web interface of Wing is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels
Transformers have become the backbone of many Machine Learning ML applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit GPU environments via Machine Learning as a Service MLaaS, concerns aroun...
CVE-2025-54792
LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an internet connection. In versions 1.16.1 and below, a critical Man-in-the-Middle MitM vulnerability in the software's discovery protocol allows an unauthenticated attacke...
freeFTPd 安全漏洞
freeFTPd is an open source FTP File Transfer Protocol server by freeFTPd. A security vulnerability exists in freeFTPd 1.0.10 and earlier versions, which stems from improper boundary checking when handling FTP PASS commands, and could lead to memory corruption and arbitrary code execution...
kernel: net: atm: fix use after free in lec_send()
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lecsend The -send operation frees skb so save the length before calling -send to avoid a use after free...
firefox: thunderbird: Incorrect URL stripping in CSP reports
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The username:password part is incorrectly stripped from URLs in CSP reports, potentially leaking HTTP Basic Authentication credentials...
SUSE CVE-2024-32663
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19...
GO-2025-3794 File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser
File Browser allows sensitive data to be transferred in URL in github.com/filebrowser/filebrowser...
tomcat: Apache Tomcat denial of service
A denial of service flaw was found in Apache Tomcat. An uncontrolled resource consumption vulnerability, where an HTTP/2 client fails to acknowledge the initial settings frame that reduces the maximum permitted concurrent streams, could result in a denial of service...
Exploit for SQL Injection in Progress Moveit_Cloud
CVE-2023-34362: Vulnerability Defense Package This repository...
No title provided
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: prevent potential failure in handletxevent for Transfer events without TRB Some transfer events don't always point to a TRB, and consequently don't have a endpoint ring. In these cases, function handletxevent should no...
TOTOLINK A702R Buffer Overflow Vulnerability
The TOTOLINK A702R is a wireless router model from China's Gion Electronics, with key features including dual-band 2.4GHz/5.8GHz network connectivity, up to 1200Mbps transfer rate, four 5dBi antennas, and a built-in firewall. A buffer overflow vulnerability exists in the TOTOLINK A702R, which...