AZL-58929 CVE-2025-21763 affecting package kernel for versions less than 6.6.82.1-1
In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF...
SUSE CVE-2022-49090
In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on store_cpu_topology() to call update_siblings_masks() to transfer the topology to the various cpu masks. This needs to be done before the call to...
SUSE CVE-2022-49171
In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first [un]pin_user_pages_remote() is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently...
CVE-2025-21763
In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF...
CVE-2025-26264
GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...
CVE-2025-26264
GeoVision GV-ASWeb (ASManager) versions 6.1.2.0 or earlier are affected by a Remote Code Execution (RCE) vulnerability in the Notification Settings feature. An authenticated attacker with System Settings privileges can exploit this flaw to run arbitrary commands on the server, potentially leading...
CVE-2025-27137
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEM_CONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...
Exploit for CVE-2025-26264
CVE-2025-26264 CVE-2025-26264 - GeoVision GV-ASWeb with the ve...
DEBIAN-CVE-2022-49630
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...
UBUNTU-CVE-2022-49171
In the Linux kernel, the following vulnerability has been resolved: ext4: don't BUG if someone dirty pages without asking ext4 first [un]pin_user_pages_remote() is dirtying pages without properly warning the file system in advance. A related race was noted by Jan Kara in 2018[1]; however, more recently...
CVE-2022-49085
CVE-2022-49085 affects the Linux kernel’s drbd path, fixing five use-after-free bugs in get_initial_state where skb could be freed and later dereferenced. The issue arises when notify_initial_state_done and subsequent notify_*_state_change calls free skb on error, leading to a use-after-free via ...
CVE-2022-49085 drbd: Fix five use after free bugs in get_initial_state
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then...
CVE-2022-49085
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will be freed by nlmsg_free(skb). Then...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a bug triggered when the ext4 driver dirties pages without notifying the filesystem, which could lead to data...
GHSA-7WRW-R4P8-38RX vulnerabilities
Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, kustomize, docker-credential-gcr, harbor-registry, terraform, direnv, aws-signer-notation-plugin, velero-plugin-for-aws, sftpgo-plugin-pubsub, kubernetes, gitness, petname, victoriametrics-operator, restic, vault-benchmark,...
GHSA-7498-H3M9-7WV2 vulnerabilities
Vulnerabilities for packages: openjdk...
CVE-2025-27137
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEM_CONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...
CVE-2025-27137 Dependency-Track vulnerable to local file inclusion via custom notification templates
Dependency-Track is a component analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track allows users with the SYSTEM_CONFIGURATION permission to customize notification templates. Templates are evaluated using the Pebble template engine...
CVE-2025-27137
Summary: CVE-2025-27137 affects Dependency-Track where templates are evaluated with Pebble and can be manipulated via the include tag. Prior to version 4.12.6, users with the SYSTEM_CONFIGURATION permission could exploit include to read arbitrary local files (e.g., /etc/passwd, /proc/1/environ) b...