Aggregator

Submit #607818 / VDB-316096

A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. The manipulation of the argument filename leads to path traversal. This vulnerability is uniquely identified as CVE-2025-7450. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.8. This affects an unknown part of the component vxlan. The manipulation of the argument used/updated leads to race condition. This vulnerability is uniquely identified as CVE-2025-38037. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.14.7. Affected is the function nfs_get_lock_context. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38023. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.139/6.6.91/6.12.29/6.14.7 and classified as critical. This vulnerability affects the function mlx5e_fix_uplink_rep_features. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-38020. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.21/6.2.8. It has been rated as problematic. This issue affects the function nfsd_splice_actor of the component nfsd. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-53083. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.22/6.2.7. It has been classified as critical. This affects the function p:copy_to_user of the file /sys/kernel/tracing/kprobe_events. The manipulation of the argument arg2 leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-53093. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.8. It has been classified as problematic. This affects the function skb_mac_header of the file include/linux/skbuff.h of the component erspan. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2023-53053. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.104/6.1.21/6.2.8. This issue affects the function security_sb_delete of the component fscrypt. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2023-53055. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.21/6.2.8. Affected by this issue is the function x86_perf_event_set_period. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2023-53073. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.3-rc3. This affects the function slimpro_i2c_blkwr of the file drivers/i2c/busses/i2c-xgene-slimpro.c of the component i2c. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-2194. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.2.8 and classified as critical. Affected by this issue is the function cond_resched. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-53051. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects unknown code of the component Traffic Control Subsystem. The manipulation leads to denial of service. This vulnerability was named CVE-2022-4269. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #607799 / VDB-316095

The Intelligence and Security Committee has warned of Iran’s “aggressive” and “extensive” cyber capabilities

AMD has issued a security bulletin, AMD-SB-7029, highlighting several transient scheduler attacks that exploit speculative execution timing in its processors, potentially leading to loss of confidentiality. These vulnerabilities stem from investigations into a Microsoft report on microarchitectural leaks, revealing side-channel attacks where attackers could infer sensitive data through execution timing under specific conditions. Rated at […]

The post AMD Warns of Transient Scheduler Attacks Impacting Broad Range of Chipsets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Метрики отправляются автоматически — без уведомлений и диалогов.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler ADC and Gateway, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2025-5777 flaw, dubbed ‘CitrixBleed 2‘ (CVSS v4.0 Base Score […]