12658 matches found
AZL-70159 CVE-2025-37882 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...
DEBIAN-CVE-2025-37882
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...
SUSE CVE-2025-37816
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid countedby use gcc 15 honors the countedbylen attribute on vsctppacket.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...
SUSE CVE-2025-37826
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcdmcqcomplpendingtransfer Add a NULL check for the returned hwq pointer by ufshcdmcqreqtohwq. This is similar to the fix in commit 74736103fb41 "scsi: ufs: core: Fix ufshcdabortone racing...
SUSE CVE-2025-46728
cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Prior to version 0.20.1, the library fails to enforce configured size limits on incoming request bodies when Transfer-Encoding: chunked is used or when no Content-Length header is provided. A remote attacker can send a chunked...
AZL-62624 CVE-2025-37826 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcdmcqcomplpendingtransfer Add a NULL check for the returned hwq pointer by ufshcdmcqreqtohwq. This is similar to the fix in commit 74736103fb41 "scsi: ufs: core: Fix ufshcdabortone racing...
DEBIAN-CVE-2025-37826
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcdmcqcomplpendingtransfer Add a NULL check for the returned hwq pointer by ufshcdmcqreqtohwq. This is similar to the fix in commit 74736103fb41 "scsi: ufs: core: Fix ufshcdabortone racing...
CVE-2025-37813
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before preparetransfer and preparering, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...
AZL-63791 CVE-2025-37801 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spiimxsetupxfer Add check for the return value of spiimxsetupxfer. spiimx-rx and spiimx-tx function pointer can be NULL when spiimxsetupxfer return error, and make NULL pointer dereference. Unable to...
UBUNTU-CVE-2025-37826
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcdmcqcomplpendingtransfer Add a NULL check for the returned hwq pointer by ufshcdmcqreqtohwq. This is similar to the fix in commit 74736103fb41 "scsi: ufs: core: Fix ufshcdabortone racing...
UBUNTU-CVE-2025-37816
In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid countedby use gcc 15 honors the countedbylen attribute on vsctppacket.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...
UBUNTU-CVE-2025-37813
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before preparetransfer and preparering, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...
CVE-2025-37813 usb: xhci: Fix invalid pointer dereference in Etron workaround
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before preparetransfer and preparering, so enqueue can already point at the final link TRB of a segment. And indeed it will, some 0.4% of time...
PT-2025-20330
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the spi-imx module, where the spi imx setupxfer function's return value is not properly checked. This can...
PT-2025-20342
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the xhci Extensible Host Controller Interface component related to the Etron workaround. The issue involves an...
RLSA-2025:0422 Moderate: java-17-openjdk security update for Rocky Linux 8.6, 8.8, 8.10, 9.4 and 9.5
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Enhance array handling CVE-2025-21502 Bug Fixes: The Rocky Enterprise Software Foundation OpenJDK packages rely on the copy-jdk-configs package to...
IBM InfoSphere Information Server Plaintext Transfer Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A plaintext transfer vulnerability exists in IBM InfoSphere Information Server version 11.7, whi...
Arista EOS 安全漏洞
Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from the fact that running gNOI File TransferToRemote RPC with gNMI transfer enabled may result in the disclosure of remote...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the send parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
Do Not Install the TFTP Client
Trivial File Transfer Protocol TFTP is used for file transfer between a Linux server and other servers, desktop systems, as well as terminal devices. TFTP does not support authentication and encryption mechanisms. Data tends to be forged, tampered with, or stolen by attackers during communication...