RHEL 8 : kernel-rt (RHSA-2025:13590)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13590 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...

HP BIOS Flash Protection Security Update

A potential security vulnerability has been identified in the System BIOS for some HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is...

Linux Distros Unpatched Vulnerability : CVE-2025-37809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typecpartnerunlinkdevice can...

Linux Distros Unpatched Vulnerability : CVE-2023-53038

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: lpfc: Check kzalloc in lpfcsli4cgnparamsread If kzalloc fails in lpfcsli4cgnparamsread, then we rely on lpfcreadobject's routine to NULL check pdata...

Siemens SINUMERIK

SUMMARY Siemens SINUMERIK Controllers are affected by an improper VNC password check vulnerability. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends...

kernel: ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

kernel: ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6send igmp6send can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

Moderate: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Selective KV-Cache Sharing to Mitigate Timing Side-Channels in LLM Inference

Global KV-cache sharing has emerged as a key optimization for accelerating large language model LLM inference. However, it exposes a new class of timing side-channel attacks, enabling adversaries to infer sensitive user inputs via shared cache entries. Existing defenses, such as per-user isolatio...

Dell PowerProtect Data Domain OS Command Injection Vulnerability (CNVD-2025-22718)

Dell PowerProtect Data Domain Dell PowerProtect DD is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell, USA. A security vulnerability exists in Dell PowerProtect Data Domain, which can be exploited by an attacker to cause arbitrary commands to be...

PT-2025-32564 · Abb · Abb Aspect

Name of the Vulnerable Software and Affected Versions: ABB Aspect versions prior to 3.08.04-s01 Description: The software contains an insufficiently protected credentials issue. Recommendations: Update to version 3.08.04-s01 or later...

The vulnerability of the recovery environment in Dell SupportAssist OS Recovery, due to insufficient protection of operational data, allows a perpetrator to disclose protected information.

The vulnerability of the recovery environment in Dell SupportAssist OS Recovery is related to insufficient protection for operational data. Exploiting this vulnerability can allow attackers to disclose protected information...

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information and perform cross-site scripting attacks.

The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform relates to the lack of protective measures for the website structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can: peakusb: fix use after free bugs CVE-2021-47670 kernel:...

Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can...

Dell Digital Delivery Information Disclosure Vulnerability

Dell Digital Delivery is a digital software delivery service offered by Dell that allows users to shop for and automatically download and install paid software e.g., Microsoft Office, Photoshop, etc. in tandem with the purchase of a Dell computer. An information disclosure vulnerability exists in...

Linux Distros Unpatched Vulnerability : CVE-2022-50126

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jbd2: fix assertion 'jh-bfrozendata == NULL' failure when journal aborted Following process will fail assertion 'jh-bfrozendata == NULL' in...

Linux Distros Unpatched Vulnerability : CVE-2025-38203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: Fix null-ptr-deref in jfsioctrim Syzkaller Report Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 1 KASAN:...

ALSA-2025:13590 Moderate: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can...

Linux Distros Unpatched Vulnerability : CVE-2025-38323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: atm: add lecmutex syzbot found its way in net/atm/lec.c, and found an error path in lecdattach could leave a dangling pointer in devlec. Add a mutex to...