[SECURITY] Fedora 41 Update: varnish-7.5.0-4.fc41

This is Varnish Cache, a high-performance HTTP accelerator. Varnish Cache stores web pages in memory so web servers don=E2=80=99t have to create the same web page over and over again. Varnish Cache serves pages much faster than any application server; giving the website a significant speed up...

UBUNTU-CVE-2025-38331

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: cortina: Use TOE/TSO on all TCP It is desireable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb-len to the "TOE/TSO" offloader and it will handle them. Without this quirk...

CVE-2025-38331 net: ethernet: cortina: Use TOE/TSO on all TCP

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: cortina: Use TOE/TSO on all TCP It is desireable to push the hardware accelerator to also process non-segmented TCP frames: we pass the skb-len to the "TOE/TSO" offloader and it will handle them. Without this quirk...

SUSE CVE-2025-38252

In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxlcperhandleproterr is making a series of fragile assumptions that can lead to crashes: 1/ It assumes that endpoints identified in the record are a CXL-type-3 device,...

UBUNTU-CVE-2025-38252

In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxlcperhandleproterr is making a series of fragile assumptions that can lead to crashes: 1/ It assumes that endpoints identified in the record are a CXL-type-3 device,...

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the mbedtlslmsverify process when internal errors from the createmerkleleafvalue and createmerkleinternalvalue functions are not checked. An attacker can cause the acceptance of invalid signatures by induci...

PT-2025-28012 · Mbed Tls · Mbed Tls

Name of the Vulnerable Software and Affected Versions: MbedTLS versions 3.3.0 through 3.6.3 Description: The issue allows an attacker to bypass LMS signature verification by reusing stale stack data, resulting in the acceptance of an invalid signature. This occurs when unchecked return values in...

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java and Node.js

Summary There are multiple vulnerabilities in Java and Node.js used by IBM Application Modernization Accelerator CVE-2025-21587, CVE-2025-30698, CVE-2025-4447, CVE-2025-47935, CVE-2025-47944, CVE-2025-27789, CVE-2025-46653, CVE-2025-48997, CVE-2025-48050. Vulnerability Details CVEID:CVE-2025-2158...

Vulnerability of the sa_run() function in the drivers/crypto/sa2ul.c module – A driver for the Linux kernel cryptographic accelerator, which allows an attacker to gain access to protected information

Vulnerability of the sarun function in the drivers/crypto/sa2ul.c module – The driver for the Linux kernel cryptographic accelerator is vulnerable to a vulnerability where memory is not properly freed before removing the last reference to memory memory leak. Exploiting this vulnerability could...

Vulnerability of the sun8i_ss_prng_generate() function in the drivers/crypto/allwinner/sun8i-ss/sun8i-ss-prng.c module – a driver for the Linux operating system’s cryptographic acceleration engine, allowing a hacker to cause a service failure.

Vulnerability of the sun8issprngGenerate function in the drivers/crypto/allwinner/sun8i-ss/sun8i-ss-prng.c module – The driver for the Linux operating system’s cryptographic acceleration engine is vulnerable due to the absence of restrictions and controls on resource distribution. Exploiting this...

Vulnerability of the adf_probe() function in the drivers/crypto/qat/qat_c3xxxvf/adf_drv.c module – a driver for the Linux kernel’s cryptographic accelerator, which allows a hacker to cause a system failure.

Vulnerability of the adfprobe function in the drivers/crypto/qat/qatc3xxxvf/adfdrv.c module – The driver for the Linux kernel’s cryptographic accelerator involves the use of an uninitialized resource. Exploiting this vulnerability could allow a hacker to cause system failures...

Vulnerability of the save_iaa_wq() function in the drivers/crypto/intel/iaa/iaa_crypto_main.c module – a driver for the Intel cryptographic accelerator in the Linux operating system, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the saveiaawq function in the drivers/crypto/intel/iaa/iaacryptomain.c module – The Linux kernel cryptographic accelerator driver has a vulnerability related to insufficient validation of input data when dividing by zero. Exploiting this vulnerability could allow an attacker to...

Side-Channel Extraction of Dataflow AI Accelerator Hardware Parameters

Dataflow neural network accelerators efficiently process AI tasks on FPGAs, with deployment simplified by ready-to-use frameworks and pre-trained models. However, this convenience makes them vulnerable to malicious actors seeking to reverse engineer valuable Intellectual Property IP through...

CVE-2025-6059 Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions

The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApiCacheOpBegin' function. This makes it possible for unauthenticated attackers to perfor...

CVE-2025-6059 Seraphinite Accelerator <= 2.27.21 - Cross-Site Request Forgery to Multiple Administrative Actions

The Seraphinite Accelerator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.27.21. This is due to missing or incorrect nonce validation on the 'OnAdminApiCacheOpBegin' function. This makes it possible for unauthenticated attackers to perfor...

WordPress plugin Seraphinite Accelerator 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2025-25456 · WordPress · Seraphinite Accelerator

Name of the Vulnerable Software and Affected Versions: Seraphinite Accelerator plugin for WordPress versions up to, and including, 2.27.21 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the OnAdminApi CacheOpBegin function. This...

ALSA-2025:8550 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: varnish: request smuggling attacks CVE-2025-47905 For more details about the...

Important: Red Hat Security Advisory: varnish security update

An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: varnish security update

An update for varnish is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...