31 matches found
EUVD-2025-210023
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...
CVE-2025-59610
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...
CVE-2025-59610 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...
CVE-2026-1677
CVE-2026-1677 concerns Zephyr: sockets created with IPPROTO_TLS_1_3 may still negotiate TLS 1.2 when both TLS versions are enabled, because socket‑level protocol selection isn’t propagated to mbedTLS (e.g., via mbedtls_ssl_conf_min_tls_version). The ClientHello can advertise both TLS 1.2 and TLS ...
SUSE CVE-2026-23318
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation. The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This...
EUVD-2026-15267
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Use correct version for UAC3 header validation. The entry of the validators table for UAC3 AC header descriptor is defined with the wrong protocol version UAC_VERSION_2, while it should have been UAC_VERSION_3. This...
CVE-2026-23318
CVE-2026-23318 affects the Linux kernel ALSA USB-audio UAC3 header validation. The validator table for UAC3 AC header descriptors used UAC_VERSION_2 instead of UAC_VERSION_3, so real UAC3 devices were not validated and could trigger out-of-bounds reads when the driver accesses unvalidated descrip...
EUVD-2025-201916
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...
EUVD-2025-37016
Credits Page not Matching Versions in Use in the Firmware. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-12517 Credits Page not Matching Versions in Use in the Firmware
Credits Page not Matching Versions in Use in the Firmware. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2001-0509
Malware in sbrugna...
UBUNTU-CVE-2025-38147
In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL there. However, this never...
Failed to load module [veeamblksnap] on Oracle Linux 9 with UEK R8 kernel
Article Applicability: This article is specifically regarding Oracle Linux 9 with UEK R8 kernel 6.12+: root@localhost cat /etc/os-release PRETTY_NAME="Oracle Linux Server 9.5" root@localhost uname -r 6.12.0-0.20.20.el9uek.x86_64 For all other situations involving the error "Failed to load module...
Mozilla: GetBoundName in the JIT returned the wrong object
The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied...
GHSA-J44V-MMF2-XVM9 PDM Trojan Lockfile
Summary: It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. Details: Project foo can be targeted by creating the project foo-2 and uploading the fil...
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CWA HTML5 shows incorrect version
After upgrading CWA HTML5 from v2101 to any later version (e.g. v2309) in the storefront server, the About dialog still shows the old version. The Storefront Console, however, still shows the correct version...
CVE-2022-34471
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This...
[Citrix Gateway] Client plugin of Window upgrade fails due to upgrade package issue
The client plugin fails to upgrade to the new one after upgrading ADC. The following log sample can be found in the client plugin logs: 15:36:32.432 | DEBUG | nsStartSSL called 15:36:32.432 | DEBUG | mNotifier0 15:36:32.447 | EVENT | Version mismatch 15:36:32.447 | DEBUG | RedrawActiveXWnd: 6:0...
UBUNTU-CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have bee...