AZL-64395 CVE-2025-38087 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...

UBUNTU-CVE-2025-38087

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the lack of an RCU read-side critical region in tapriodevnotifier, which could lead to reuse after release...

CVE-2025-38041

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic frequency configuration, so we must take extra care when changing the frequency. Currently any...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use-after-free in lineinfochangednotify The use-after-free issue occurs as follows: When the GPIO chip device file is closed by invoking gpiochrdevrelease, the watchedlines object is freed by bitmapfree. Howeve...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/hmm: Do not dereference struct page pointers without holding the notifier lock. The pnfs that we obtain from hmmrangefault point to pages that we do not own. The guarantee that these pages are still in the CPU page tabl...

PT-2025-27417

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the Linux kernel, specifically in the taprio dev notifier function. This issue arises due to a race condition with advance sched because...

nodejs:20 security update

nodejs 1:20.19.2-1 - Update to version 20.19.2 Fixes: CVE-2025-23166 Resolves: RHEL-91595 RHEL-89598 RHEL-92854 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 1:20.18.2-3 - Remove obsolete lua pretransaction script from...

CVE-2024-28154

Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default...

CVE-2024-4038

The The Back In Stock Notifier for WooCommerce | WooCommerce Waitlist Pro plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.3.1. This is due to the plugin for WordPress allowing users to execute an action that does not proper...

CVE-2024-10048

The Post Status Notifier Lite and Premium plugins for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.11.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2023-24451

A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

CVE-2023-2179

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making...

CVE-2023-47766

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Reith Post Status Notifier Lite plugin = 1.11.0 versions...

CVE-2022-46166

Spring boot admins is an open source administrative user interface for management of spring boot applications. All users who run Spring Boot Admin Server, having enabled Notifiers e.g. Teams-Notifier and write access to environment variables via UI are affected. Users are advised to upgrade to th...

CVE-2022-41248

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it...

CVE-2022-41247

Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34805

Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...

CVE-2022-34802

Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system...