2388 matches found
CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
DEBIAN-CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
CVE-2025-38628
CVE-2025-38628 affects the Linux kernel mlx5 vdpa path. The issue was a resource cleanup bug where cleanup paths could operate on uninitialized resources, triggering a splat when adding a vdpa device without a MAC address. The fixes ensure mlx5_vdpa_free() is the single entrypoint for removing vd...
CVE-2025-38628 vdpa/mlx5: Fix release of uninitialized resources on error path
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
CVE-2025-38628
In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...
CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from f2fsfreedic not properly handling asynchronous releases, which could lead to reuse after release...
CVE-2025-51529
Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service database server resource exhaustion via unlimited database write operations to the...
SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02923-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02923-1 advisory. The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs...
CVE-2025-51529
Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service database server resource exhaustion via unlimited database write operations to the...
CVE-2024-12612
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
Linux Distros Unpatched Vulnerability : CVE-2023-28859
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data ...
CVE-2025-38546
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clipvcc. ioctlATMARPMKIP allocates struct clipvcc and set it to vcc-userback. The code assumes that vccdestroysocket passes NULL skb to vcc-push when the socket is closed, and then clippush...
CVE-2025-38534
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix copy-to-cache so that it performs collection with ceph+fscache The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then...
CVE-2025-38546
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clipvcc. ioctlATMARPMKIP allocates struct clipvcc and set it to vcc-userback. The code assumes that vccdestroysocket passes NULL skb to vcc-push when the socket is closed, and then clippush...
CVE-2025-38534 netfs: Fix copy-to-cache so that it performs collection with ceph+fscache
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix copy-to-cache so that it performs collection with ceph+fscache The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then...
CVE-2025-38534
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix copy-to-cache so that it performs collection with ceph+fscache The netfs copy-to-cache that is used by Ceph with local caching sets up a new request to write data just read to the cache. The request is started and then...
CVE-2024-12612
CVE-2024-12612 affects the WordPress plugin “School Management System for Wordpress” (versions up to 93.2.0) and allows unauthenticated SQL injection via multiple AJAX actions due to insufficient parameter escaping and poor query preparation. Impact per sources: attackers could append additional ...
MAL-2025-14986 Malicious code in async-changelog-semantic-release-higgs (npm)
The package async-changelog-semantic-release-higgs was found to contain malicious code...
MAL-2025-14989 Malicious code in async-operation (npm)
The package async-operation was found to contain malicious code...