EUVD-2023-60036

In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free read in ext4findextent for bigalloc + inline Syzbot found the following issue: loop0: detected capacity change from 0 to 2048 EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without...

USN-7835-1 linux, linux-aws, linux-azure, linux-azure-6.8, linux-gcp, linux-gkeop, linux-ibm, linux-ibm-6.8, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-oracle vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

DEBIAN-CVE-2023-53725

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

CVE-2023-53704

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mpclocksprobe Replace ofiomap and kzalloc with devmofiomap and devmkzalloc which can automatically release the related memory when the device or driver is removed or unloaded to...

DEBIAN-CVE-2022-50559

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Add error processing before return, and modified the return value...

UBUNTU-CVE-2022-50559

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Add error processing before return, and modified the return value...

CVE-2023-53725 clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe

In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttctimerprobe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttctimerprobe warn: 'timerbaseaddr' from ofiomap not released on lines: 498,508,516. timerbaseaddr may...

CVE-2023-53725

CVE-2023-53725 affects the Linux kernel Cadence TTC clocksource driver, specifically the ttc_timer_probe path. The vulnerability is described as a memory leak caused by the base IO mapping not being released. The provided fixes replace the non-managed iomap usage with devm_of_iomap() and add clea...

CVE-2023-53704 clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe()

In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mpclocksprobe Replace ofiomap and kzalloc with devmofiomap and devmkzalloc which can automatically release the related memory when the device or driver is removed or unloaded to...

CVE-2022-50559

CVE-2022-50559 affects the Linux kernel component clock: imx (scu). The issue is caused by missing error handling when platform_device_add() fails, leading to a memleak. The fix adds proper error processing before returning and adjusts the return value to reflect the error. The connected sources ...

CVE-2022-50559 clk: imx: scu: fix memleak on platform_device_add() fails

In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platformdeviceadd fails No error handling is performed when platformdeviceadd fails. Add error processing before return, and modified the return value...

CVE-2025-6833

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

CVE-2025-6833 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

CVE-2025-6833 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

CVE-2025-6833

The CVE-2025-6833 entry concerns the WordPress plugin All in One Time Clock Lite (

EUVD-2025-35357

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

WordPress All in One Time Clock Lite plugin <= 2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Clocking In/Out vulnerability

Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Clocking In/Out vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin All in One Time Clock Lite versions = 2.0...

PT-2025-43126

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a memory leak in the ttc timer probe function within the cadence-ttc timer driver. The timer baseaddr resource, obtained through of iomap, was not consistently...

WordPress plugin All in One Time Clock Lite 安全漏洞

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports employee/volunteer/contractor punch record management. The WordPress All in One Time Clock Lite plugin suffers from an insecure direct object reference vulnerability that stems from the applicati...