Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988706)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988706 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some resource leaks in mtkphyinit Use clkdisableunprepare in the error pat...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-989784)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989784 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference ...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989781)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989781 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989984)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989984 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geniseclktblget This loop is supposed to break if the...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990262 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989738 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: mvxorv2: Fix a resource leak in mvxorv2remove A clkprepareenable call in the probe is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988968)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988968 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a...

CVE-2025-20743

The CVE-2025-20743 entry concerns the clkdbg component, where a use-after-free condition can lead to local privilege escalation if an attacker already has System privileges. The vulnerability does not require user interaction and has a local attack vector with low complexity. The patch reference ...

WordPress All in One Time Clock Lite plugin <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure vulnerability

Missing Authorization to Page Creation and Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin All in One Time Clock Lite versions = 2.0.3...

CVE-2025-11758

The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wpajaxnopriv hooks, while relying onl...

CVE-2025-11758 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure

The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wpajaxnopriv hooks, while relying onl...

CVE-2025-11758 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure

The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wpajaxnopriv hooks, while relying onl...

CVE-2025-11758

CVE-2025-11758 : All in One Time Clock Lite (WordPress)

PT-2025-44939

Name of the Vulnerable Software and Affected Versions All in One Time Clock Lite versions up to and including 2.0.3 Description The plugin exhibits unauthorized access due to a missing authorization check. Admin-level AJAX actions are exposed to unauthenticated users through wp ajax nopriv hooks,...

WordPress plugin All in One Time Clock Lite 安全漏洞

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fixed synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash occurs: Error: Synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue:...

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: A NULL check has been added in raspberrypiclkregister. devmkasprintf returns NULL when memory allocation fails. Currently, raspberrypiclkregister does not check for this case, which results in a NULL pointer being...

USN-7835-4: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-4 linux-hwe-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

OESA-2025-2555 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than...