kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

kernel: tls: always refresh the queue when reading sock

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

ALSA-2025:14009 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf, testrun: Fix use-after-free issue in ethskbpkttype CVE-2025-21867 kernel: net: fix udp gso skbsegment after pull from fraglist CVE-2025-38124 kernel: Bluetooth: hcicore: Fix...

Malicious code in ev-refresh-cf (npm)

The package ev-refresh-cf was found to contain malicious code...

Malicious code in fullcube-recurly-refresh (npm)

The package fullcube-recurly-refresh was found to contain malicious code...

MAL-2025-19918 Malicious code in ev-refresh-cf (npm)

The package ev-refresh-cf was found to contain malicious code...

MAL-2025-21038 Malicious code in fullcube-recurly-refresh (npm)

The package fullcube-recurly-refresh was found to contain malicious code...

CVE-2025-43734

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...

Linux Distros Unpatched Vulnerability : CVE-2019-9796

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration ...

Linux Distros Unpatched Vulnerability : CVE-2023-53052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: fix use-after-free bug in refreshcacheworker The UAF bug occurred because we were putting DFS root sessions in cifsumount while DFS cache refresher was...

Linux Distros Unpatched Vulnerability : CVE-2018-18499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http- equiv=refresh on a page to cause a redirection to another...

CVE-2025-44960

RUCKUS SmartZone SZ before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route...

RUCKUS SmartZone 操作系统命令注入漏洞

RUCKUS SmartZone is a network controller from RUCKUS. An operating system command injection vulnerability exists in versions prior to RUCKUS SmartZone 6.1.2p3 Refresh Build, which stems from OS command injection in API routing and could lead to a security risk...

Malicious code in vite-plugin-reactjs-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4abf589cdec43e8ba609988d38155d5965b59ac6a83b1d251405fdf13629cdce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6377 Malicious code in vite-plugin-reactjs-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4abf589cdec43e8ba609988d38155d5965b59ac6a83b1d251405fdf13629cdce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-38471

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

UBUNTU-CVE-2025-38471

In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if all skbs in the que...

Malicious code in vitejs-plugin-react-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1686bc018b42cf0146c11ecc1796ef7bad5ed0bb6b07eae4ceffd65b35f36255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-6247 Malicious code in vitejs-plugin-react-refresh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1686bc018b42cf0146c11ecc1796ef7bad5ed0bb6b07eae4ceffd65b35f36255 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE-SU-2025:20487-1 Security update for salt

This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...