SUSE-SU-2025:02278-1 Security update for libssh

This update for libssh fixes the following issues: - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized variable in privatekeyfromfile bsc1245310. - CVE-2025-5318: Fixed likely read beyond bounds in sftp server...

CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVE-2025-38277

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

UBUNTU-CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVE-2025-38315 Bluetooth: btintel: Check dsbr size from EFI variable

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVE-2025-38315

CVE-2025-38315 concerns a Linux kernel Bluetooth driver issue (btintel). The root cause is a mismatch between the EFI variable size and the known struct btintel_dsbr size, which could lead to a stack overflow if the EFI variable is larger than expected. The fix alters the check to rely on the kno...

CVE-2025-38315 Bluetooth: btintel: Check dsbr size from EFI variable

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVE-2025-38277 mtd: nand: ecc-mxic: Fix use of uninitialized variable ret

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

CVE-2025-38277 mtd: nand: ecc-mxic: Fix use of uninitialized variable ret

In the Linux kernel, the following vulnerability has been resolved: mtd: nand: ecc-mxic: Fix use of uninitialized variable ret If ctx-steps is zero, the loop processing ECC steps is skipped, and the variable ret remains uninitialized. It is later checked and returned, which leads to undefined...

CVE-2025-38277

CVE-2025-38277 affects the Linux kernel mtd: nand: ecc-mxic code. The bug occurs when ctx->steps is zero: the loop over ECC steps is skipped and ret is left uninitialized, later checked/returned, causing undefined behavior and potential user-space disruption or kernel crashes. The fix initiali...

Exploit for CVE-2024-31969

📌 CVE-2024-31969 CVE-2024-31969 adalah kerentanan local...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninitialized variable issue in nand-ecc-mxic, which could lead to unpredictable results...

PT-2025-29157 · Honeywell · Honeywell Experion Pks

Name of the Vulnerable Software and Affected Versions: Honeywell Experion PKS versions 520.1 through 520.2 TCU9 Honeywell Experion PKS versions 530 through 530 TCU3 Description: The Honeywell Experion PKS contains an uninitialized variable in the common Epic Platform Analyzer EPA communications. ...

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-5777 Citrix NetScaler Memory Leak Exploit !WARNIN...

GHSA-489J-G2VX-39WF Transformers vulnerable to ReDoS attack through its SETTING_RE variable

A Regular Expression Denial of Service ReDoS vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...

TencentOS Server 3: glibc (TSSA-2025:0498)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0498 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

The vulnerability of the gpiolib-cdev.c component in the Linux operating system’s kernel allows a hacker to cause service interruptions as well as trigger system failures.

The vulnerability of the gpiolib-cdev.c component in the Linux operating system is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to cause service failures...

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CitrixBleed-2-CVE-2025-5777 checker checker.py httphttps...

CVE-2025-38229

In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusbi2cxfer. 1 Only when the write operation of usbbulkmsg in dvbusbgenericrw succeeds and rlen is greater than 0, the read operation of...

Use of Hard-coded Password

Overview Affected versions of this package are vulnerable to Use of Hard-coded Password via the mySecret argument in the JWT Token Handler process. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded secret value in authentication mechanism...