CVE-2023-53127 - Linux Kernel SCSI MPI3MR Resource Leak Vulnerability

CVE ID : CVE-2023-53127

Published : May 2, 2025, 4:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()

Add a missing resource clean up in .remove.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-46730 – “MobSF ZIP Bomb Denial of Service Vulnerability”

May 5, 2025

CVE ID : CVE-2025-46730

Published : May 5, 2025, 8:15 p.m. | 3 hours, 19 minutes ago

Description : MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors. MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, in versions up to and including 4.3.2, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the server’s disk space, leading to a complete denial of service (DoS) not just for MobSF, but also for any other applications or websites hosted on the same server. This vulnerability can lead to complete server disruption in an organization which can affect other internal portals and tools too (which are hosted on the same server). If some organization has created their customized cloud based mobile security tool using MobSF core then an attacker can exploit this vulnerability to crash their servers. Commit 6987a946485a795f4fd38cebdb4860b368a1995d fixes this issue. As an additional mitigation, it is recommended to implement a safeguard that checks the total uncompressed size of any uploaded ZIP file before extraction. If the estimated uncompressed size exceeds a safe threshold (e.g., 100 MB), MobSF should reject the file and notify the user.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Anthropic beats OpenAI as the top LLM provider for business – and it’s not even close

I bought Samsung’s Galaxy Watch Ultra 2025 – here’s why I have buyer’s remorse

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

The details of TC39’s last meeting

The details of TC39’s last meeting

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

I can admit when I’m wrong — this 75% wireless gaming keyboard is way better than I thought it would be

This is Microsoft’s canceled Windows-based Surface Duo — the dual-screen Windows Phone from 2018 that we never got

Looking for an Ubuntu Manual? Try This Book

CVE-2023-53127 – Linux Kernel SCSI MPI3MR Resource Leak Vulnerability

Why the tech industry needs to stand firm on preserving end-to-end encryption

Is your phone spying on you? | Unlocked 403 cybersecurity podcast (S2E5)

CVE-2025-33067 – Windows Kernel Privilege Escalation Vulnerability

CVE-2025-6603 – “qCUDA qcow Integer Overflow Vulnerability”

Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems

CodeSOD: The Wrong Kind of Character

CVE-2025-46730 – “MobSF ZIP Bomb Denial of Service Vulnerability”

This hidden tool will help you migrate from Windows 10 to Windows 11

Texas AG Paxton Takes on Google—and Wins $1.375 Billion in Privacy Case

CVE-2025-5730 – WordPress Contact Form Plugin Stored Cross-Site Scripting Vulnerability

CVE-2023-53127 – Linux Kernel SCSI MPI3MR Resource Leak Vulnerability

Related Posts