7529 matches found
DEBIAN-CVE-2025-37982
In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue...
DEBIAN-CVE-2025-37969
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Prevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in case pattern_len is equal to zero and the device FIFO is not empty...
UBUNTU-CVE-2025-37980
In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue error path When registering a queue fails after blk_mq_sysfs_register is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missi...
CVE-2025-37982 wifi: wl1251: fix memory leak in wl1251_tx_work
In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue...
CVE-2025-37980 block: fix resource leak in blk_register_queue() error path
In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue error path When registering a queue fails after blk_mq_sysfs_register is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. Add the missi...
CVE-2025-37920
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race condition in AF_XDP generic RX path Move rx_lock from xsk_socket to xsk_buff_pool. Fix synchronization for shared umem mode in generic RX path where multiple sockets share single xsk_buff_pool. RX queue is exclusive to...
UBUNTU-CVE-2025-37932
In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify idempotent htb_qlen_notify always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly to its callers, like...
CVE-2025-26086
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System v3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative extraction ...
CLSA-2025-1747725447 kernel: Fix of 35 CVEs
ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 - drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init' CVE-2024-27042 - dm-crypt: don't modify the data when using authenticated encryption...
CVE-2025-26086
RSI Queue Management System v3.0 has an unauthenticated blind SQL injection in the TaskID parameter of the GET request handler. The vulnerability enables time-delayed SQL payloads to be remotely injected, causing measurable response delays that allow time-based inference and iterative extraction ...
PT-2025-25826
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free issue has been identified in the Linux kernel, specifically in the tipc_aead_encrypt_done function. This issue can occur when the simd_aead_encrypt function is...
RSI Queue Management System Security Vulnerability
RSI Queue Management System is an intelligent queue management system for the retail, healthcare or service industry from RSI Queue. A security vulnerability exists in RSI Queue Management System version v3.0 that stems from improper handling of the TaskID parameter, which could lead to an...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: io_uring/uring_cmd: unconditionally copy SQEs at prep time This isn't generally necessary, but conditions have been observed where SQE data is accessed from the original SQE after prep has been done and outside of the initial issue...
RSI Queue Management System 3.0 SQL Injection
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System version 3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative...
PT-2025-25806
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count leak was introduced in the Linux kernel due to a recent patch that addressed a Use After Free (UAF) issue. The parallel data refcount is incremented unconditionally,...
SUSE CVE-2025-37890
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that...
PT-2025-21778 · Unknown · Rsi Queue Management System
Name of the Vulnerable Software and Affected Versions: RSI Queue Management System version 3.0 Description: An unauthenticated blind SQL injection issue exists within the TaskID parameter of the GET request handler. This allows attackers to remotely inject time-delayed SQL payloads, inducing serv...