
3052 matches found

OSV
added 2025/03/27 5:15 p.m., 2 views

UBUNTU-CVE-2023-52980

In the Linux kernel, the following vulnerability has been resolved: block: ublk: extending queue_size to fix overflow. When validating drafted SPDK ublk target, in a case that assigning large queue depth to multiqueue ublk device, ublk target would run into a weird incorrect state. During rounds of...

CVSS 7.8, AI score 5.7, EPSS 0.00213
Exploits: 0, References: 5
OSV
added 2025/03/27 5:15 p.m., 0 views

UBUNTU-CVE-2022-49750

In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing. The fields of the CPC object are unsigned 32-bits values. To avoid overflows while using CPC's values, add 'u64' casts...

CVSS 5.5, AI score 6.3, EPSS 0.0014
Exploits: 0, References: 5
Vulnrichment
added 2025/03/27 4:42 p.m., 3 views

CVE-2022-49749 i2c: designware: use casting of u64 in clock multiplication to avoid overflow

In the Linux kernel, the following vulnerability has been resolved: i2c: designware: use casting of u64 in clock multiplication to avoid overflow. In functions i2c_dw_scl_lcnt and i2c_dw_scl_hcnt may have overflow by depending on the values of the given parameters including the ic_clk. For example in our...

AI score 7.8, EPSS 0.00165
Exploits: 0, References: 4
CNNVD
added 2025/03/27 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an overflow due to a u64 conversion not used by CPPC...

CVSS 5.5, AI score 6, EPSS 0.0014
Exploits: 0, References: 4
Positive Technologies
added 2025/03/26 12:0 a.m., 4 views

PT-2025-18451

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A division by zero issue has been resolved in the Linux kernel. The problem occurs when a user sets a speed value greater than UINT_MAX/8, making division by zero possible. This issue wa...

CVSS 5.5, AI score 6.7, EPSS 0.00165
Exploits: 0
Positive Technologies
added 2025/03/26 12:0 a.m., 2 views

PT-2025-18447

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A division by zero issue has been resolved in the Linux kernel. The problem occurs when a user sets a speed value greater than UINT_MAX/8, making division by zero possible. This issue wa...

CVSS 5.5, AI score 6.7, EPSS 0.00169
Exploits: 0
Positive Technologies
added 2025/03/26 12:0 a.m., 3 views

PT-2025-18448

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue has been identified in the Linux kernel where the user can set any speed value, potentially leading to division by zero if the speed is greater than UINT_MAX/8. This issue was...

CVSS 5.5, AI score 6.7, EPSS 0.00161
Exploits: 0
Positive Technologies
added 2025/03/19 12:0 a.m., 2 views

PT-2025-20531

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue concerns the Linux kernel's handling of read/write replies in the 9p/net module. Specifically, in p9_client_write and p9_client_read_once, if a server incorrectly replies with ...

CVSS 7.1, AI score 6.8, EPSS 0.00231
Exploits: 0
Cvelist
added 2025/03/17 10:48 p.m., 21 views

CVE-2025-29912 CryptoLib Has Heap Buffer Overflow Due to Unsigned Integer Underflow in Crypto_TC_ProcessSecurity

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, an unsigned integer underflow in the...

CVSS 9.3, EPSS 0.01129
Exploits: 1, References: 2
CNNVD
added 2025/03/17 12:0 a.m., 5 views

CryptoLib security vulnerability

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A security vulnerability exists in CryptoLib 1.3.3 and prior versions that stems from an unsigned integer underflow in the Crypto_TC_ProcessSecurity functio...

CVSS 9.8, AI score 7.8, EPSS 0.01129
Exploits: 1, References: 3
CNNVD
added 2025/03/17 12:0 a.m., 4 views

CryptoLib numeric error vulnerability

CryptoLib is a NASA open source application. It is used to provide a software-only solution using the CCSDS space data link security protocol. A numeric error vulnerability exists in CryptoLib 1.3.3 and prior versions that stems from an unsigned integer underflow in the Crypto_TC_Prep_AAD function,...

CVSS 9.8, AI score 7.4, EPSS 0.00657
Exploits: 1, References: 2
Snyk
added 2025/03/11 7:44 p.m., 3 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature through the HTTPRedirect binding process. An attacker can manipulate the message processing by appending a malicious SAMLRequest in front of a valid SAMLResponse, leading to the applicati...

CVSS 8.6, AI score 6.9, EPSS 0.00296
Exploits: 0, References: 2
OSV
added 2025/03/11 7:23 p.m., 8 views

GHSA-46R4-F8GJ-XG56 The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding

Summary: There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and...

CVSS 8.6, AI score 8.5, EPSS 0.00296
Exploits: 0, References: 7
OSV
added 2025/03/11 7:15 p.m., 3 views

DEBIAN-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, AI score 5.4, EPSS 0.00296
Exploits: 0, References: 1
OSV
added 2025/03/11 7:15 p.m., 0 views

UBUNTU-CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6, AI score 5.8, EPSS 0.00296
Exploits: 0, References: 6
OSV
added 2025/03/06 4:15 p.m., 3 views

UBUNTU-CVE-2024-58069

In the Linux kernel, the following vulnerability has been resolved: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read. The nvmem interface supports variable buffer sizes, while the regmap interface operates with fixed-size storage. If an nvmem client uses a buffer size less than 4 byte...

CVSS 7.8, AI score 6.7, EPSS 0.00203
Exploits: 0, References: 50
Tenable Nessus
added 2025/03/06 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2024-56619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry. Syzbot reported that when searching for records in a directory where the inode's i_size is...

CVSS 7.8, AI score 6.7, EPSS 0.00208
Exploits: 0, References: 2
Tenable Nessus
added 2025/03/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2011-2515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of...

CVSS 5.3, AI score 6, EPSS 0.00393
Exploits: 0, References: 2
OSV
added 2025/02/28 3:32 p.m., 2 views

OESA-2025-1187 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...

CVSS 8.7, AI score 6.7, EPSS 0.68603
Exploits: 0, References: 10
SUSE CVE
added 2025/02/28 2:22 a.m., 6 views

SUSE CVE-2024-58017

In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX. Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring...

CVSS 6.6, AI score 7.8, EPSS 0.00211
Exploits: 0, References: 14