139 matches found
CVE-2025-40342 nvme-fc: use lock accessing port_state and rport state
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because...
CVE-2025-40342 nvme-fc: use lock accessing port_state and rport state
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote port on a lport object at any point in time when there is no active association. This races with with the reconnect logic, because...
Linux Distros Unpatched Vulnerability : CVE-2025-40342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-fc: use lock accessing portstate and rport state nvmefcunregisterremote removes the remote port on a lport object at any point in time when there is no...
UBUNTU-CVE-2025-66570
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...
EUVD-2025-201455
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. An attacker can inject headers named REMOTEADDR, REMOTEPORT,...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989414)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989414 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer fcremoteportdele...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989807 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not...
EUVD-2025-36727
On affected platforms, restricted users could use SSH port forwarding to access host-internal services...
Sensitive Information Exposure
com.liferay.portal, com.liferay.portal.kernel is vulnerable to Sensitive Information Exposure. The vulnerability is due to remote staging not properly obtaining the live site's remote address from the database, which allows remote authenticated users—who can obtain the staging server’s shared...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986538)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986538 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not...
EUVD-2022-55309
Malicious code in bioql PyPI...
EUVD-2025-29221
Malicious code in bioql PyPI...
CVE-2025-43792
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...
CVE-2023-53322
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Wait for io return on terminate rport System crash due to use after free. Current code allows terminaterportio to exit before making sure all IOs has returned. For FCP-2 device, IO's can hang on in HW because drive...
External Control of System or Configuration Setting
Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting in the staging of live sites. An attacker can exfiltrate sensitive data to an external server by supplying malicious values for the remoteAddress and remotePort parameters. Note: This ...
GHSA-VP64-77C6-33H8 Liferay Portal has External Control of System or Configuration Settings
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...
CVE-2025-43792
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...
CVE-2025-43792
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...
CVE-2025-43792
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obtain the remote address of the live site from th...
CVE-2025-43792
CVE-2025-43792 affects Liferay Portal 7.4.0–7.4.3.105 and older unsupported versions, and Liferay DXP 2023.Q4.0/2023.Q3.x, where the live-site remote address is not reliably obtained from the database. This allows remote authenticated users to exfiltrate data to an attacker-controlled server via ...