CVE-2025-31255

CVE-2025-31255 is an authorization issue fixed by Apple in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26, and iPadOS 26, and macOS Sequoia 15.7. The vulnerability could allow an app to access sensitive user data due to improved state management. Connected sources provide explicit remediation thr...

CVE-2025-43279

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data...

DEBIAN-CVE-2023-53259

In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...

UBUNTU-CVE-2023-53259

In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...

CVE-2022-50333 fs: jfs: fix shift-out-of-bounds in dbDiscardAG

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbDiscardAG This should be applied to most URSAN bugs found recently by syzbot, by guarding the dbMount. As syzbot feeding rubbish into the bmap descriptor...

CVE-2023-53259 VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF

In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...

CVE-2023-53259 VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF

In the Linux kernel, the following vulnerability has been resolved: VMCI: check context-notifypage after call to getuserpagesfast to avoid GPF The call to getuserpagesfast in vmcihostsetupnotify can return NULL context-notifypage causing a GPF. To avoid GPF check if context-notifypage == NULL and...

CVE-2023-53259

CVE-2023-53259 (Linux kernel) is a local vulnerability in VMCI where vmci_host_setup_notify() may dereference a NULL context->notify_page after get_user_pages_fast(), causing a general protection fault. The fix, as documented in the advisory, is to validate context->notify_page and return a...

CVE-2022-50299

CVE-2022-50299 is a Linux kernel issue in the md (multiple device) module where snprintf() could wrap around when the total length of the block device names with slashes exceeds 200, leading to incorrect buffer sizing. The vulnerability arises from using snprintf; the fix is to replace snprintf w...

CVE-2022-50299 md: Replace snprintf with scnprintf

In the Linux kernel, the following vulnerability has been resolved: md: Replace snprintf with scnprintf Current code produces a warning as shown below when total characters in the constituent block device names plus the slashes exceeds 200. snprintf returns the number of characters generated from...

SUSE-SU-2025:03235-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002342 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2025-38001: netsched: hfsc: Address...

SUSE-SU-2025:03226-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002325 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2025-38001: netsched: hfsc: Address...

SUSE-SU-2025:03223-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002317 fixes several issues. The following security issues were fixed: - CVE-2025-38087: net/sched: fix use-after-free in tapriodevnotifier bsc1245504. - CVE-2025-21999: proc: fix UAF in procgetinode bsc1242579. - CVE-2025-38001: netsched: hfsc: Address...

Lawsuit About WhatsApp Security

Attaullah Baig, WhatsApp's former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower...

PT-2025-37824

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.7 macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 Description: An application may be able to access protected user data due to vulnerable code. The vulnerable code has been removed in th...

How to offboard a single protection unit from an Express backup policy in Veeam Data Cloud for M365

Challenge Issue Summary After creating an Express Protection Policy in Veeam Data Cloud for Microsoft 365, backups are retained for one year. These Express Protection Policies are built on the Microsoft 365 Backup storage backend. Over time, a situation may arise where you need to offboard a sing...

teler-waf

This repository is an open-source Go HTTP middleware called teler-waf, which protects local web services from various threats, including OWASP Top 10 vulnerabilities, malicious actors, botnets, and brute force attacks. The repository contains a variety of files, including issue templates, pull...

wazuh

This repository is an open-source security platform called Wazuh, which provides unified XDR and SIEM protection for endpoints and cloud workloads. The repository contains various files and templates for issue reporting, testing, and integration with external services. The probable entry points f...

PT-2025-40645

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the qed driver related to handling protection override GRC elements. The firmware can return an excessive number of these elements, leading to a...

SUSE-SU-2025:03214-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002360 fixes several issues. The following security issue was fixed: - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU bsc1246030...