75 matches found
CVE-2026-23033 dmaengine: omap-dma: fix dma_pool resource leak in error paths
In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create is not destroyed when dma_async_device_register or of_dma_controller_register fails, causing a resource leak in the probe error paths. A...
SUSE CVE-2025-71154
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb failure In async_set_registers, when usb_submit_urb fails, the allocated async_req structure and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb is...
salvo cross-site scripting vulnerability
salvo is an open source web framework from Salvo. A cross-site scripting vulnerability exists in versions prior to salvo 0.88.1. The vulnerability stems from the list_html function not properly cleaning up the path, which could lead to reflective cross-site scripting attacks...
CVE-2023-53994
In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARN_ON to prevent panic_on_warn Remove unnecessary early code development check and the WARN_ON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have stuck around so long...
CVE-2023-54070
CVE-2023-54070 relates to the igb driver in the Linux kernel. The issue occurs when SR-IOV is enabled and the igb module is removed; due to a cleanup path regression introduced after commit 50f303496d92, the cleanup in error paths after reinit can cause a hang/crash on systems with max_vfs set to...
CVE-2023-54070 igb: clean up in all error paths when enabling SR-IOV
In the Linux kernel, the following vulnerability has been resolved: igb: clean up in all error paths when enabling SR-IOV After commit 50f303496d92 "igb: Enable SR-IOV after reinit", removing the igb module could hang or crash depending on the machine when the module has been loaded with the maxv...
UBUNTU-CVE-2023-53994
In the Linux kernel, the following vulnerability has been resolved: ionic: remove WARN_ON to prevent panic_on_warn Remove unnecessary early code development check and the WARN_ON that it uses. The irq alloc and free paths have long been cleaned up and this check shouldn't have stuck around so long...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to clean up in all error paths when enabling SR-IOV, which could lead to a hang or crash on module...
SUSE CVE-2025-68219
In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3_fs_context_parse_param error path Add proper cleanup of ctx->source and fc->source to the cifs_parse_mount_err error handler. This ensures that memory allocated for the source strings is correctly freed on al...
CVE-2025-68219
CVE-2025-68219 (Linux kernel, CIFS) fixes a memory leak in smb3_fs_context_parse_param error path. When processing Opt_source mount options, memory allocated for ctx->source and fc->source could leak if an error occurred after their allocation but before completion. The patch adds proper cl...
WordPress plugin LT Unleashed security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
Robocode security vulnerability
Robocode is an open source programming game by Robocode. A security vulnerability exists in Robocode version 1.9.3.6, which stems from insufficient file path cleanup and could lead to arbitrary file deletion...
Thermo Fisher Torrent Suite Django application security vulnerability
Thermo Fisher Torrent Suite Django application is a core software component of Thermo Fisher USA. A security vulnerability exists in Thermo Fisher Torrent Suite Django application version 5.18.1, which stems from improper path cleanup in the file upload feature and could lead to remote code...
Qualys Cloud Agent security vulnerability
Qualys Cloud Agent is a lightweight application from Qualys, Inc. A single agent for real-time, global visibility and response. A security vulnerability exists in Qualys Cloud Agent that stems from not using absolute paths and not cleaning up the $PATH environment variable, which could lead to...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990264)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990264 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type...
SUSE CVE-2025-40093
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor bind path to use __free() After a bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...
CVE-2025-40094 usb: gadget: f_acm: Refactor bind path to use __free()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_acm: Refactor bind path to use __free() After a bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...
CVE-2025-40093
The CVE-2025-40093 entry concerns the Linux kernel USB gadget ECM (f_ecm) bind path. The vulnerability arises after a bind/unbind cycle where ecm->notify_req remains stale, causing a NULL pointer dereference when the system tries to free a request via ep->ops->free_request during a subse...
CVE-2025-40092 usb: gadget: f_ncm: Refactor bind path to use __free()
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Refactor bind path to use __free() After a bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...