19145 matches found
EUVD-2025-203749
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
EUVD-2025-203720
In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdnspcie::ops before using it cdnspcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops...
AZL-72490 CVE-2025-68265 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
CVE-2025-68265
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
CVE-2025-68265
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
CVE-2025-68265 nvme: fix admin request_queue lifetime
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
CVE-2025-68265
CVE-2025-68265 concerns the Linux kernel NVMe subsystem. The issue is a use-after-free caused by accessing a controller’s admin request_queue after the controller is torn down, due to stale namespace references. The fix ensures the controller’s put is completed only after all controller reference...
CVE-2025-68265 nvme: fix admin request_queue lifetime
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
Portworx Half-Blind SSRF in kube-controller-manager
...
PT-2025-51678
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.2-ga1582f1a031e Description The Linux kernel had a flaw related to the admin request queue lifetime in the NVMe subsystem. Namespaces could access the controller's admin request queue, and stale references...
PT-2025-51691
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to a race condition within the dwc3 remove requests function. This occurs due to unsynchronized execution of multiple call paths, potentially...
PT-2025-51708
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Bluetooth implementation within the Linux kernel, specifically in the hci core component. The issue relates to improper locking mechanisms when handling Bluetooth...
CVE-2025-14722
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...
CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...
CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...
CVE-2025-14722
CVE-2025-14722 affects vion707 DMadmin (Backend) with a Cross-Site Scripting vulnerability in the Add function of Admin/Controller/AddonsController.class.php. A remote attacker can manipulate input to trigger XSS; exploits have been publicly disclosed. Affected versions are prior to 3403cafdb4253...
CVE-2025-13281
A half-blind Server-Side Request Forgery SSRF found in kube-controller-manager that can be triggered when using the legacy in-tree Portworx StorageClass. An authorized user with sufficient privileges can cause the controller to make requests to internal, host-network–accessible endpoints,...
CVE-2025-13824
A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and...
GHSA-R6J8-C6R2-37RR kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...
EUVD-2025-203310
A half-blind Server Side Request Forgery SSRF vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network including link-local ...