Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.94/6.12.34/6.15.3. This issue affects the function ext4_dirty_journalled_data of the component ext4. Executing manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2025-38220. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been declared as critical. This vulnerability affects the function build_sit_entries. The manipulation results in denial of service. This vulnerability is reported as CVE-2025-38218. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.15.3. This vulnerability affects the function i_nlink of the file fs/inode.c. Performing manipulation results in privilege escalation. This vulnerability is known as CVE-2025-38219. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3/6.16-rc2. The affected element is the function fts_read of the component hwmon. The manipulation results in race condition. This vulnerability was named CVE-2025-38217. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.34/6.15.3. Affected is the function spi_master. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-38216. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.3. It has been declared as critical. This impacts the function fb_add_videomode of the component fbdev. Executing manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-38214. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. It has been declared as critical. Affected by this issue is the function fb_add_videomode of the component fbdev. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-38215. The attack must originate from the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.15.3. The impacted element is the function idr_for_each of the component ipc. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-38212. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

This issue is likely a false positive. Please verify the cited sources and consider not including this entry.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.185/6.1.141/6.6.94/6.12.34/6.15.3. Affected by this vulnerability is the function alloc_work_entries. Such manipulation leads to use after free. This vulnerability is referenced as CVE-2025-38211. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.15.3 and classified as critical. This vulnerability affects the function nvme_tcp_setup_ctrl. The manipulation leads to use after free. This vulnerability is listed as CVE-2025-38209. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.34/6.15.3. This affects the function tsm_unregister. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38210. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.94/6.12.34/6.15.3. Impacted is the function automount_fullpath of the component smb. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-38208. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

The Eclipse Foundation has revoked several compromised access tokens associated with publishing extensions to the open Open VSX

The post Token Leak: Eclipse Revokes Exposed Keys to Halt Open VSX Supply Chain Attacks appeared first on Penetration Testing Tools.

报名进行中！

好的，我现在需要帮用户总结一篇文章的内容，控制在100个字以内。用户给的文章是关于B站广告的问题，提到一个账号@9772b388-e7被用来投放广告，用户拉黑这个账号并清理缓存可以屏蔽广告。另外还提到设置英语也能减少广告。 首先，我得确定文章的主要信息点：发现广告账号、拉黑和清理缓存的方法、设置语言为英语的替代方法。这些都是关键点。 然后，我要把这些信息浓缩成一句话，不超过100字。要确保包含主要方法和效果，同时保持语句通顺。 可能会遇到的问题是如何在有限的字数内涵盖所有关键点而不遗漏重要信息。可能需要调整句子结构，去掉不必要的细节。 最后，检查字数是否符合要求，并确保内容准确传达文章的核心信息。 B站用户发现通过拉黑特定账号@9772b388-e7并清理缓存可屏蔽开屏广告，或设置语言为英语以减少广告出现。

图压是一款免费批量图片压缩工具，支持高效压缩图片体积而不影响画质。适用于网页、PPT等场景，内置目标文件大小压缩功能，在上传受限时特别好用。界面友好，操作简单。

好的，我现在需要帮用户总结一篇文章的内容，控制在100字以内。首先，我得仔细阅读用户提供的文章内容。看起来这篇文章主要是关于ISC Stormcast的播客，日期是2025年11月3日，主持人是Johannes Ullrich。内容涉及网络安全威胁、事件分析和防护建议。 接下来，我需要确定用户的需求是什么。用户希望用中文总结，并且不需要特定的开头，直接描述内容即可。因此，我应该抓住关键点：播客名称、主持人、主要内容和目的。 然后，我要确保语言简洁明了，不超过100字。可能的结构是：ISC Stormcast播客讨论了网络安全威胁和事件，提供防护建议，帮助听众了解最新动态。 最后，检查是否有遗漏的重要信息，并确保总结准确且符合要求。 ISC Stormcast播客讨论了网络安全威胁和事件，提供防护建议和最新动态分析。

好的，我现在需要帮用户总结一篇文章的内容，控制在一百个字以内。首先，我得仔细阅读文章，抓住主要信息。 文章讲的是AMD确认ZEN 5处理器的RDSEED功能有故障，属于高危漏洞。这个问题是META的工程师发现的，影响机密性和完整性。AMD建议暂停使用16/32位RDSEED，64位不受影响。他们计划发布微代码修复，并给出了时间表。 接下来，我需要把这些信息浓缩到100字以内。要包括AMD确认漏洞、RDSEED问题、高危级别、建议暂停使用16/32位、修复计划等关键点。 然后，组织语言，确保简洁明了。比如：“AMD确认ZEN 5处理器RDSEED功能存在高危漏洞，可能导致机密性和完整性损失。建议暂停使用16/32位RDSEED指令。AMD将陆续发布微代码修复。” 这样刚好在字数限制内。 最后检查是否有遗漏的重要信息，比如修复的时间节点是否需要提到？但考虑到字数限制，可能不需要详细说明时间表。 总结完毕。 AMD确认ZEN 5处理器RDSEED功能存在高危漏洞，可能导致机密性和完整性损失。建议暂停使用16/32位RDSEED指令。AMD将陆续发布微代码修复。