92 matches found
CVE-2025-38684 net/sched: ets: use old 'nbands' while purging unused classes
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported schets test-case 1 crashing in etsclassqlennotify after recent changes from Lion 2. The problem is: in etsqdiscchange we purge unused DWRR queues; the...
CVE-2025-38684
CVE-2025-38684 affects the Linux kernel’s net/sched ETS implementation. The issue arose from purging unused DRR queues during ets_qdisc_change(), where the code used the new value of q->nbands for cleanup. The fix ensures the purge uses the old values of q->nbands (and q->nstrict), so pu...
Oracle Linux 10 : kernel (ELSA-2025-13598)
The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-13598 advisory. - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds - CVE-2025-38159 - Revert 'smb: client: fix TCP timers deadlock after rmmod'...
PT-2025-35957
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.0-116.el10.x86 64 Description A flaw was discovered in the Linux kernel's sch ets module related to the handling of queue bands during the purging of unused classes. Specifically, the code used an outdated...
net_sched: drr: Fix double list add in class with netem as child qdisc
...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog. The qdisctreereducebacklog function only notifies the parent qdisc if the child qdisc becomes empty. Therefore, we need to reduce the backlog of the child qdisc before calli...
UBUNTU-CVE-2025-37915
In the Linux kernel, the following vulnerability has been resolved: netsched: drr: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of drr,...
kernel: ACPI: PAD: fix crash in exit_round_robin()
In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exitroundrobin The kernel occasionally crashes in cpumaskclearcpu, which is called within exitroundrobin, because when executing clearbitnr, addr with nr set to 0xffffffff, the address calculation may caus...
The vulnerability of the exit_round_robin() function in the ACPI kernel of Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the exitroundrobin function in ACPI components of Linux operating systems is related to the round-robin scheduling algorithm. Exploiting this vulnerability could allow an attacker to trigger a service failure...
SUSE CVE-2025-21971
In the Linux kernel, the following vulnerability has been resolved: netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. However, if a class is created wi...
AZL-58965 CVE-2025-21703 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
DEBIAN-CVE-2025-21703
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
UBUNTU-CVE-2025-21703
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ACPI: PAD: fixed a crash in exitroundrobin The kernel occasionally crashes in cpumaskclearcpu, which is called within exitroundrobin. This occurs when executing clearbitnr, addr with nr set to 0xffffffff. In such cases, the...
CVE-2025-23812
CVE-2025-23812 : Reflected Cross-Site Scripting in the NotFound Contact Form 7 Round Robin Lead Distribution plugin. Affected: Contact Form 7 Round Robin Lead Distribution from n/a up to version 1.2.1. CVSS v3.1 base score 7.1 (HIGH). Attack vector: NETWORK; Impact: Confidentiality, Integrity, an...
CVE-2025-23784 WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distribution allows SQL Injection.This issue affects Contact Form 7 Round Robin Lead Distribution: from n/...
WordPress plugin Contact Form 7 Round Robin Lead Distribution 跨站脚本漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin...
WordPress plugin Contact Form 7 Round Robin Lead Distribution SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin Contact Form 7 Round Robin Lead...
WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Contact Form 7 Round Robin Lead Distribution versions = 1.2.1...
WordPress Contact Form 7 Round Robin Lead Distribution Plugin <= 1.2.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Contact Form 7 Round Robin Lead Distribution versions = 1.2.1...