SUSE CVE-2024-12798
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program...
PT-2025-23640
Name of the Vulnerable Software and Affected Versions: Jupyter Core versions prior to 5.8.0 Description: The issue affects Jupyter Core on Windows, where the shared %PROGRAMDATA% directory is searched for configuration files, potentially allowing users to create files that impact other users. This ...
UBUNTU-CVE-2024-29214
Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
The vulnerability of the NVRAM Variable Handler in operating systems like macOS allows an intruder to gain unauthorized access to protected information.
The vulnerability of the NVRAM Variable Handler component in macOS systems is related to access control deficiencies. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the NVRAM Variable Handler in macOS operating systems allows a hacker to read and write arbitrary files.
The vulnerability of the NVRAM Variable Handler component in macOS systems is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows an attacker to read and write arbitrary files...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overflows when processing V2 algorithm headers. It is necessary to ensure that all fields of a V2 algorithm header fit within the available firmware data buffer. The wmfw V2 format introduced...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: renaming cpu_number1 to dummy_cpu_number. The per-process variable cpu_number1 is passed as an argument to xlnx_event_handler along with dev_id, but it is not used in this function. Therefore, the initialization of this...
PT-2025-6072 · Unknown · Phpgurukul Small Crm
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0 Description: The issue is related to Cross-Site Scripting (XSS) via a crafted payload injected into the name in profile.php. This allows for potential malicious script execution. Recommendations: For...
Azure Linux 3.0 Security Update: less (CVE-2024-32487)
The version of less installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32487 advisory. - less through 653 allows OS command execution via a newline character in the name of a file, because quoting is...
BIT-GOLANG-2025-22866 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...
CVE-2025-22866
A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...
PT-2025-16544 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version V4.0si V16.03.10.20 Description: The issue concerns a buffer overflow in the AdvSetMacMtuWan function through the serverName2 variable. This can potentially allow for unauthorized access or control. Recommendations: For Ten...
CVE-2025-22866
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...
DEBIAN-CVE-2025-22866
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...
UBUNTU-CVE-2025-22866
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...
SUSE CVE-2025-22866
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...
CVE-2022-25936
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable...
Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go that stems from the use of the variable time instruction in the ppc64le architecture, resulting in the disclosure of secret scalar...
CVE-2022-2229
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of...
CVE-2022-2653
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file i...