Aggregator

CVE-2025-38397 | Linux Kernel up to 6.15.5/6.16-rc4 nvme-multipath nvme_mpath_add_sysfs_link stack-based overflow (WID-SEC-2025-1653)

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.5/6.16-rc4. This vulnerability affects the function nvme_mpath_add_sysfs_link of the component nvme-multipath. Performing manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-38397. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-38394 | Linux Kernel up to 6.15.5/6.16-rc4 HID input_register_handler use after free (WID-SEC-2025-1653)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.15.5/6.16-rc4. This vulnerability affects the function input_register_handler of the component HID. This manipulation causes use after free. This vulnerability is tracked as CVE-2025-38394. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-38396 | Linux Kernel up to 6.1.145/6.6.96/6.12.36/6.15.5/6.16-rc4 anon_inode_make_secure_inode file descriptor consumption (Nessus ID 247384 / WID-SEC-2025-1653)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical was found in Linux Kernel up to 6.1.145/6.6.96/6.12.36/6.15.5/6.16-rc4. This affects the function anon_inode_make_secure_inode. Such manipulation leads to uncontrolled file descriptor consumption. This vulnerability is referenced as CVE-2025-38396. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-38395 | Linux Kernel up to 6.16-rc4 regulator drvdata::gpiods allocation of resources (Nessus ID 247341 / WID-SEC-2025-1653)

Vuldb Updates
1 month 1 week ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.16-rc4. Affected by this vulnerability is the function drvdata::gpiods of the component regulator. The manipulation results in allocation of resources. This vulnerability was named CVE-2025-38395. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-38472 | Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 netfilter __nf_conntrack_find_get allocation of resources (Nessus ID 251301 / WID-SEC-2025-1665)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been declared as critical. Affected by this issue is the function __nf_conntrack_find_get of the component netfilter. Executing manipulation can lead to allocation of resources. This vulnerability is registered as CVE-2025-38472. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-38471 | Linux Kernel prior 6.1.147/6.6.100/6.12.40/6.15.8 tls tls_strp_check_rcv use after free (Nessus ID 251308 / WID-SEC-2025-1665)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7/2277d7cbdf47531b2c3cd01ba15255fa955aab35. It has been classified as critical. Affected by this vulnerability is the function tls_strp_check_rcv of the component tls. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-38471. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

AWS CEO 称用 AI 取代初级员工是蠢主意

Solidot
1 month 1 week ago
亚马逊 AWS CEO Matt Garman 表示用 AI 工具取代初级员工是他听过的最蠢的主意之一,因为企业需要精通业务的资深员工,但资深员工都是从初级员工一步步成长起来的。他说,如果 10 年后企业没有此类员工,你的公司如何运作?他认为,企业应该继续招聘应届生,教他们如何构建软件、分解问题和采用最佳实践。他说 AI 时代最有价值的技能与大学学位不相关。要保住自己的工作员工必须不停的继续学习更新技能。

Hackers Exploit Apache ActiveMQ Flaw to Breach Cloud Linux Servers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month 1 week ago

Cybersecurity researchers have uncovered a sophisticated attack campaign where hackers exploiting a critical Apache ActiveMQ vulnerability are taking the unusual step of patching the security flaw after gaining access to victim systems. The Red Canary Threat Intelligence team observed this counterintuitive behavior across dozens of compromised cloud-based Linux servers, revealing a strategic approach to maintaining […]

The post Hackers Exploit Apache ActiveMQ Flaw to Breach Cloud Linux Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2022-31624 | MariaDB up to 10.6 server_audit.c log_statement_ex denial of service (MDEV-26556 / Nessus ID 252504)

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as problematic, was found in MariaDB up to 10.6. This vulnerability affects the function log_statement_ex of the file plugin/server_audit/server_audit.c. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2022-31624. The attack can only be performed from a local environment. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2020-14641 | Oracle MySQL Server up to 8.0.20 Roles information disclosure (Nessus ID 252506)

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as critical has been discovered in Oracle MySQL Server up to 8.0.20. Affected by this issue is some unknown functionality of the component Roles. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2020-14641. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2022-40151 | Oracle Communications Cloud Native Core Binding Support Function Install/Upgrade denial of service (Nessus ID 252507)

Vuldb Updates
1 month 1 week ago
A vulnerability described as critical has been identified in Oracle Communications Cloud Native Core Binding Support Function up to 22.4.4/23.1.1. Affected by this issue is some unknown functionality of the component Install/Upgrade. The manipulation results in denial of service. This vulnerability is reported as CVE-2022-40151. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2020-10755 | openstack-cinder up to 14.0.x/15.1.x/16.0.x API Endpoint Credentials insufficiently protected credentials (Nessus ID 252512)

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as problematic has been discovered in openstack-cinder up to 14.0.x/15.1.x/16.0.x. This affects an unknown function of the component API Endpoint. Executing manipulation can lead to insufficiently protected credentials (Credentials). This vulnerability is tracked as CVE-2020-10755. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

Managed ad