9569 matches found

Vulnrichment
added 2025/08/12 2:2 p.m., 4 views

CVE-2025-22834 ThirdPartyVideo SetVariable Vulnerability

AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability...

CVSS 4.2 | AI score 7 | EPSS 0.00069
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/12 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-49001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: riscv: fix race when vmap stack overflow Currently, when detecting vmap stack overflow, risc...

CVSS 7 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/12 12:0 a.m., 5 views

Fedora 42 : toolbox (2025-e41c694c83)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e41c694c83 advisory. Security fixes Bumped the minimum github.com/go-viper/mapstructure/v2 version to 2.3.0 for GHSA-fv92-fjc5-jj9h or GO-2025-3787 Bumped the minimum...

CVSS 9 | AI score 8.6 | EPSS 0.00359
Exploits: 4 | References: 3

Tenable Nessus
added 2025/08/12 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-38623

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning:...

CVSS 9.8 | AI score 6.2 | EPSS 0.00248
Exploits: 0 | References: 2

Packet Storm News
added 2025/08/12 12:0 a.m., 1 views

Generalized Kennedy Receivers Enhanced CV-QKD in Turbulent Channels for Endogenous Security of Space-Air-Ground Integrated Network

Endogenous security in next-generation wireless communication systems attracts increasing attentions in recent years. A typical solution to endogenous security problems is the quantum key distribution (QKD), where unconditional security can be achieved thanks to the inherent properties of quantum...

AI score 6.8
Exploits: 0

Packet Storm News
added 2025/08/12 12:0 a.m., 1 views

Surpassing the PLOB Bound in Continuous-Variable Quantum Secret Sharing Using a State-Discrimination Detector

Continuous-variable quantum secret sharing (CVQSS) is a promising approach to ensuring multi-party information security. While CVQSS offers practical ease of implementation, its present performance remains limited. In this paper, we propose a novel CVQSS protocol integrated with a...

AI score 6.7
Exploits: 0

Positive Technologies
added 2025/08/12 12:0 a.m., 2 views

PT-2025-32956

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 139.0.7258.127 Description: An out-of-bounds write issue exists in ANGLE within Google Chrome. A remote attacker could potentially perform out-of-bounds memory access through a specially crafted HTML page. The...

CVSS 10 | AI score 6.6 | EPSS 0.00749
Exploits: 0 | References: 67

OSV
added 2025/08/11 1:54 p.m., 2 views

BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

CVSS 7.5 | AI score 7.2 | EPSS 0.00345
Exploits: 1 | References: 4

OSV
added 2025/08/11 1:53 p.m., 1 views

BIT-LIBPHP-2022-4900 Potential buffer overflow in php_cli_server_startup_workers

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow...

CVSS 6.2 | AI score 6.9 | EPSS 0.00065
Exploits: 0 | References: 7

IBM Security Bulletins
added 2025/08/11 6:9 a.m., 6 views

Security Bulletin: Kafka client library upgraded to kafka-clients-3.9.1

Summary Kafka client library upgraded to kafka-clients-3.9.1. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for...

CVSS 6.5 | AI score 6.7 | EPSS 0.00156
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/08/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-46951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called...

CVSS 5.5 | AI score 6.2 | EPSS 0.00016
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/09 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-49752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint The 'parent' return...

CVSS 5.5 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 3

SUSE CVE
added 2025/08/08 11:22 p.m., 2 views

SUSE CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS 6.5 | AI score 6.9 | EPSS 0.00042
Exploits: 0 | References: 3

AlpineLinux
added 2025/08/08 12:15 a.m., 4 views

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS 6.8 | AI score 6.9 | EPSS 0.00042
Exploits: 0 | References: 4

OSV
added 2025/08/08 12:0 a.m., 4 views

CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVSS 6.8 | AI score 6.5 | EPSS 0.00042
Exploits: 0 | References: 6

Amazon
added 2025/08/08 12:0 a.m., 3 views

Important: mtr

Issue Overview: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. CVE-2025-49809 Affected Packages: mtr Issue Correction: Run dnf update mtr --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1102...

CVSS 7.8 | AI score 6.9 | EPSS 0.00054
Exploits: 0

Tenable Nessus
added 2025/08/08 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-4878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file function. This flaw can be...

CVSS 3.6 | AI score 6.6 | EPSS 0.002
Exploits: 0 | References: 2

Microsoft CVE
added 2025/08/07 7:0 a.m., 2 views

mtd: nand: ecc-mxic: Fix use of uninitialized variable ret

...

CVSS 7.1 | AI score 7 | EPSS 0.0007
Exploits: 0

Tenable Nessus
added 2025/08/07 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-52893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 efi:...

CVSS 5.5 | AI score 6.1 | EPSS 0.00012
Exploits: 0 | References: 2

Snyk
added 2025/08/05 2:33 p.m., 2 views

Use of Uninitialized Variable

Overview Affected versions of this package are vulnerable to Use of Uninitialized Variable due to the absent check of p_image value before calling opj_j2k_read_header function. An attacker can achieve arbitrary code execution or cause a denial of service by supplying a specially crafted image file...

CVSS 9.8 | AI score 7.5 | EPSS 0.00325
Exploits: 1 | References: 2