6095 matches found
CVE-2025-38479
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: free irq correctly in remove path Add fsl_edma->txirq/errirq check to avoid below warning because no errirq at i.MX9 platform. Otherwise there will be kernel dump: WARNING: CPU: 0 PID: 11 at...
CVE-2025-38575
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free instead of kfree to properly free memory allocated by aead_request_alloc. This ensures sensitive crypto data is zeroed before being freed...
CVE-2025-37860
In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param Since cited commit, ef100_probe_main and hence also ef100_check_design_params run before efx->net_dev is created; consequently, we cannot netif_set_tso_max_size or _segs at this point. Mo...
Advisory ROSA-SA-2025-2848
Software: libsndfile 1.0.28 OS: ROSA Virtualization 2.1 packageevrstring: libsndfile-1.0.28-16.rv3 CVE-ID: CVE-2022-33065 BDU-ID: 2025-03968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the au_read_header function of the src/au.c component of the Libsndfile audio file reading and writing library...
Advisory ROSA-SA-2025-2850
Software: libX11 1.6.8 OS: ROSA Virtualization 2.1 packageevrstring: libX11-1.6.8-9.0.1.rv3 CVE-ID: CVE-2020-14344 BDU-ID: 2020-03916 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the X Window System libX11 client API provisioning library is caused by an integer overflow. Exploitation of the...
Advisory ROSA-SA-2025-2835
Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 2.1 packageevrstring: bind-dyndb-ldap-11.6-5.rv3 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithm...
Advisory ROSA-SA-2025-2832
Software: avahi 0.7 OS: ROSA Virtualization 2.1 packageevrstring: avahi-0.7-21.0.1.rv3 CVE-ID: CVE-2023-1981 BDU-ID: 2023-03858 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Avahi Local Area Network Service Discovery System involves uncontrolled resource consumption. Exploitation of the...
Advisory ROSA-SA-2025-2833
Software: binutils 2.30 OS: ROSA Virtualization 2.1 packageevrstring: binutils-2.30-125.0.1.rv3 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finish_stab function of the stabs.c file of the Binutils program development kit is related to an operation...
Advisory ROSA-SA-2025-2825
Software: python-pip 9.0.3 OS: ROSA Virtualization 3.0 packageevrstring: python-pip-9.0.3-24.rv30 CVE-ID: CVE-2007-4559 BDU-ID: 2022-05975 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the extract and extractall functions of the tarfile module of the Python programming language interpreter is...
Advisory ROSA-SA-2025-2823
Software: python-dns 1.15.0 OS: ROSA Virtualization 3.0 packageevrstring: python-dns-1.15.0-12.rv30 CVE-ID: CVE-2023-29483 BDU-ID: 2025-03301 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python toolkit dnspython is related to insufficient validation of user input. Exploitation of the...
Advisory ROSA-SA-2025-2830
Software: golang 1.19.13 OS: ROSA Virtualization 3.0 packageevrstring: golang-1.19.13-2.rv30 CVE-ID: CVE-2023-29402 BDU-ID: 2023-03201 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Cgo module of the Go programming language is related to incorrect code generation control when handling directory...
Advisory ROSA-SA-2025-2820
Software: tcpdump 4.9.3 OS: ROSA Virtualization 3.0 packageevrstring: tcpdump-4.9.3-5.rv30 CVE-ID: CVE-2021-41043 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: The Use after free vulnerability in tcpslice causes AddressSanitizer, with no other confirmed impact. CVE-STATUS: The vulnerability has been...
Advisory ROSA-SA-2025-2815
Software: binutils 2.30 OS: ROSA Virtualization 3.0 packageevrstring: binutils-2.30-125.rv30 CVE-ID: CVE-2018-12699 BDU-ID: 2021-01389 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the finish_stab function of the stabs.c file of the Binutils program development kit is related to an operation...
Advisory ROSA-SA-2025-2817
Software: rpm 4.14.3 OS: ROSA Virtualization 3.0 packageevrstring: rpm-4.14.3-31.rv30 CVE-ID: CVE-2021-35937 BDU-ID: 2021-03555 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the RPM Package Manager RPM of Red Hat Enterprise Linux operating systems is caused by a race condition. Exploitation of t...
Advisory ROSA-SA-2025-2812
Software: mariadb 10.5.27 OS: ROSA Virtualization 3.0 packageevrstring: mariadb-10.5.27-1.rv30 CVE-ID: CVE-2023-22084 BDU-ID: 2023-06913 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the InnoDB component of the MySQL Server database management system is related to insufficient input validation...
Advisory ROSA-SA-2025-2807
Software: less 530 OS: ROSA Virtualization 3.0 packageevrstring: less-530-3.rv30 CVE-ID: CVE-2022-48624 BDU-ID: 2024-04438 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the close_altfile function in filename.c for UNIX-like Less text terminals is related to the skipping of shell_quote calls for...
Advisory ROSA-SA-2025-2792
Software: bind-dyndb-ldap 11.6 OS: ROSA Virtualization 3.0 packageevrstring: bind-dyndb-ldap-11.6-5.rv30 CVE-ID: CVE-2023-50387 BDU-ID: 2024-01359 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the...
Advisory ROSA-SA-2025-2791
Software: bind 9.11.36 OS: ROSA Virtualization 3.0 packageevrstring: bind-9.11.36-16.rv30.4 CVE-ID: CVE-2022-3094 BDU-ID: 2023-00580 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the named component of the DNS BIND server is related to the ability to use memory after it has been freed. Exploitatio...
Security Bulletin: IBM Software Support mobile app is vulnerable to multiple vulnerabilities due to 3rd party software
Summary This release includes information about multiple vulnerabilities, improving the overall security and stability of the application. The types of vulnerabilities resolved include: Axios Vulnerability: Addressed an issue that could potentially cause SSRF and credential leakage server and...
WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Accordion versions <= 2.3.11...