Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993226)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993226 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks Syzbot once again identified a flaw in u...

Linux Distros Unpatched Vulnerability : CVE-2023-54323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxlpci; modprobe -r cxlpci; done ...fails with the following crash signature...

UBUNTU-CVE-2023-54323

In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxlpci; modprobe -r cxlpci; done ...fails with the following crash signature: BUG: kernel NULL pointer dereference, address: 0000000000000040...

CVE-2023-54323 cxl/pmem: Fix nvdimm registration races

In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix nvdimm registration races A loop of the form: while true; do modprobe cxlpci; modprobe -r cxlpci; done ...fails with the following crash signature: BUG: kernel NULL pointer dereference, address: 0000000000000040...

iomap: allocate s_dio_done_wq for async reads as well

...

SUSE CVE-2022-50726

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix possible use-after-free in async command interface mlx5cmdcleanupasyncctx should return only after all its callback handlers were completed. Before this patch, the below race between mlx5cmdcleanupasyncctx and...

CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well

In the Linux kernel, the following vulnerability has been resolved: iomap: allocate sdiodonewq for async reads as well Since commit 222f2c7c6d14 "iomap: always run error completions in user context", read error completions are deferred to sdiodonewq. This means the workqueue also needs to be...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the existence of post-release reuse of the asynchronous command interface...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not allocating sdiodonewq for asynchronous reads, which could lead to a failure of error completion processi...

[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-14.fc42

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

[SECURITY] Fedora 43 Update: mingw-libsoup-2.74.3-14.fc43

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

UBUNTU-CVE-2025-68335

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device detach via pcl818detach, subdevice dev-readsubdev may not have initialize...

CVE-2025-68335 comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device detach via pcl818detach, subdevice dev-readsubdev may not have initialize...

CVE-2025-68335 comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device detach via pcl818detach, subdevice dev-readsubdev may not have initialize...

WordPress Fancy Product Designer plugin server-side request forgery vulnerability

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. A server-side request forgery vulnerability exists in the WordPress Fancy Product Designer plugin, which stems from the presence...

WordPress Fancy Product Designer plugin information disclosure vulnerability

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...

SUSE CVE-2025-68287

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking dwc3removerequests, leading to premature...

EUVD-2025-204629

The Pretty Google Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the pgcalajaxhandler function in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to retrieve the Google API key set in t...

CVE-2025-14364 Demo Importer Plus <= 2.0.8 - Missing Authorization to Authenticated (Subscriber+) Site Reset and Privilege Escalation

The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handlerequest function in all versions up to, and including, 2.0.8. This makes it possible for authenticated...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991280)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991280 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCBAIORW before the struct aiokiocb conversion The first kiocbsetcancelfn argument...