Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the comedi/pcl726 module not verifying interrupt number validity...

Linux Distros Unpatched Vulnerability : CVE-2017-11104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and...

Linux Distros Unpatched Vulnerability : CVE-2017-12867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SimpleSAMLAuthTimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by...

Astra Linux - уязвимость в openvpn

OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session...

Authentication Bypass

github.com/hashicorp/vault is vulnerable to authentication bypass. The vulnerability is due to the TOTP Secrets Engine code validation endpoint allowing code reuse within its validity period, which allows an attacker to replay a previously valid code to gain unauthorized access...

SUSE CVE-2025-38562

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generateencryptionkey If client send two session setups with krb5 authenticate to ksmbd, null pointer dereference error in generateencryptionkey could happen. sess-PreauthHashValue is...

CVE-2025-38562

CVE-2025-38562 affects the Linux kernel ksmbd component. When a client performs two session setups with krb5 authentication to ksmbd, a null pointer dereference in generate_encryptionkey could occur if sess->Preauth_HashValue is NULL while the session is valid. The fix ensures the encryption k...

BIT-JENKINS-2024-9453 Jenkins-image: sensitive data disclosure when using openshift jenkins image

A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if th...

Linux Distros Unpatched Vulnerability : CVE-2021-38497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Through use of reportValidity and window.open, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion an...

Linux Distros Unpatched Vulnerability : CVE-2024-46764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btfnamevalidsection If the length of the name string is 1...

CVE-2025-6014

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

SUSE-SU-2025:02592-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 2.5.3 jscSLE-23879: - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego bsc1246725 Changelog: Update to 2.5.3: - Add signing-config create command 4280 - Allow multiple services to be specified for trusted-ro...

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.5.0...

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.5.0...

CVE-2025-8312

Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service.This issue affects the following versions : Devolutions Server 2025.2.2.0 through 2025.2.5.0...

CVE-2025-8312

CVE-2025-8312 describes a deadlock in Devolutions Server’s PAM automatic check-in feature that can allow a password to stay valid past its intended check-out. Affected versions include Devolutions Server 2025.2.2.0 through 2025.2.5.0 and 2025.1.12.0 and earlier. The root cause is a scheduling-ser...

PT-2025-31414 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.2.5.0 and earlier Description: A deadlock in the PAM automatic check-in feature allows a password to remain valid beyond its intended check-out period. This is due to a deadlock occurring in the scheduling...

AZL-65684 CVE-2025-38412 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content...

URLCrazy Domain Name Typo Tool 0.8.1

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo ...

CVE-2025-31952

HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access...