Aggregator

CVE-2025-39678 | Linux Kernel up to 6.16.3/6.17-rc2 metric_tbl_addr null pointer dereference (Nessus ID 261608 / WID-SEC-2025-1988)

Vuldb Updates
5 months 2 weeks ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.16.3/6.17-rc2. The impacted element is the function metric_tbl_addr. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-39678. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-39680 | Linux Kernel up to 6.16.3/6.17-rc2 i2c ismt_access out-of-bounds (Nessus ID 261604 / WID-SEC-2025-1988)

Vuldb Updates
5 months 2 weeks ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.16.3/6.17-rc2. The impacted element is the function ismt_access of the component i2c. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2025-39680. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-39679 | Linux Kernel up to 6.6.102/6.12.43/6.16.3/6.17-rc2 nvif_vmm_ctor memory leak (Nessus ID 261618 / WID-SEC-2025-1988)

Vuldb Updates
5 months 2 weeks ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.102/6.12.43/6.16.3/6.17-rc2. This affects the function nvif_vmm_ctor. This manipulation causes memory leak. This vulnerability is handled as CVE-2025-39679. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-39676 | Linux Kernel up to 6.17-rc2 qla4xxx_get_ep_fwdb null pointer dereference (Nessus ID 261626 / WID-SEC-2025-1988)

Vuldb Updates
5 months 2 weeks ago
A vulnerability was found in Linux Kernel up to 6.17-rc2. It has been rated as critical. The affected element is the function qla4xxx_get_ep_fwdb. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-39676. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-39677 | Linux Kernel up to 6.16.3/6.17-rc2 sched qdisc_dequeue_internal infinite loop (Nessus ID 261622 / WID-SEC-2025-1988)

Vuldb Updates
5 months 2 weeks ago
A vulnerability has been found in Linux Kernel up to 6.16.3/6.17-rc2 and classified as critical. Affected is the function qdisc_dequeue_internal of the component sched. The manipulation leads to infinite loop. This vulnerability is documented as CVE-2025-39677. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-39675 | Linux Kernel up to 6.17-rc2 mod_hdcp_hdcp1_create_session null pointer dereference (Nessus ID 261611 / WID-SEC-2025-1988)

Vuldb Updates
5 months 2 weeks ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.17-rc2. The affected element is the function mod_hdcp_hdcp1_create_session. The manipulation results in null pointer dereference. This vulnerability was named CVE-2025-39675. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.
vuldb.com

Eaton Vulnerabilities Let Attackers Execute Arbitrary Code On the Host System

Cyber Security News
5 months 2 weeks ago

A critical security advisory addressing multiple vulnerabilities discovered in the Eaton UPS Companion (EUC) software. These security flaws, if exploited, could allow attackers to execute arbitrary code on the host system, potentially giving them complete control over affected devices. The advisory, identified as ETN-VA-2025-1026, highlights two specific vulnerabilities affecting all versions of the Eaton UPS Companion […]

The post Eaton Vulnerabilities Let Attackers Execute Arbitrary Code On the Host System appeared first on Cyber Security News.

Abinaya

Will Agentic AI Hurt or Help Your Security Posture?

不安全
5 months 2 weeks ago
嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要特定的开头。首先,我需要通读整篇文章,抓住主要观点。 文章主要讲的是生成式AI在网络安全中的双刃剑作用。它提升了威胁检测和SOC运营的效率,但同时也带来了新的风险,比如AI驱动的钓鱼攻击、供应链漏洞和机器身份蔓延。最后,文章强调了组织适应能力的重要性。 接下来,我需要把这些要点浓缩到100字以内。要确保涵盖AI带来的好处和风险,以及组织适应的重要性。语言要简洁明了,避免复杂的术语。 可能的结构是:先点出AI的影响,然后提到提升的部分和带来的风险,最后总结关键因素。这样既全面又简洁。 现在开始组织语言:“生成式AI正在重塑网络安全格局。它提升了威胁检测和安全运营中心(SOC)的效率,但同时也带来了新的风险,如AI驱动的钓鱼攻击、供应链漏洞和机器身份蔓延。企业能否有效应对这些挑战将取决于其适应能力和治理框架。” 这样刚好100字左右,并且涵盖了所有关键点。 生成式AI正在重塑网络安全格局。它提升了威胁检测和安全运营中心(SOC)的效率,但同时也带来了新的风险,如AI驱动的钓鱼攻击、供应链漏洞和机器身份蔓延。企业能否有效应对这些挑战将取决于其适应能力和治理框架。

California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth

Security Boulevard
5 months 2 weeks ago

California's DROP Program Changes Everything

The post California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth appeared first on Security Boulevard.

MojoAuth - Advanced Authentication & Identity Solutions

California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth

不安全
5 months 2 weeks ago
好的,我需要帮用户总结这篇文章的内容,控制在100字以内,并且不需要特定的开头。首先,我会通读整篇文章,抓住主要观点。 文章主要讲的是加州在2026年推出的DROP平台,允许居民删除个人信息。接着讨论了这对数据隐私的影响,特别是对企业认证系统的挑战。 MojoAuth 提供了一种零存储架构,避免存储敏感信息,从而简化合规性。 接下来,我要将这些要点浓缩成100字以内的中文总结。确保涵盖关键点:DROP平台、数据隐私变化、认证危机、MojoAuth的解决方案及其优势。 最后,检查语言是否简洁明了,符合用户的要求。 加州推出DROP平台允许居民删除个人信息,引发数据隐私变革。文章指出传统认证系统面临合规和安全风险,MojoAuth通过零存储架构消除PII存储,简化全球隐私合规并提升用户体验。

PCSX2 2.6.0 释出

Solidot
5 months 2 weeks ago
索尼 PS2 游戏机的模拟器项目 PCSX2 释出了 v2.6.0 版本。开发者表示这是至今规模最大的版本发布。主要变化包括:Big Picture 模式和 Qt 界面功能维持一致性;完成韩语游戏名翻译;Windows 和 Linux 支持创建游戏快捷方式;Big Picture 模式支持表情符号;改进混合和硬件渲染器,显著提升 Direct3D12 渲染器速度,部分游戏的性能提升逾 5 倍(主要是使用 AMD GPU 的系统);等等。

Managed ad