3175 matches found
WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WPC Countdown Timer for WooCommerce versions = 3.1.4...
UBUNTU-CVE-2025-40003
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls canceldelayedwork in ocelotstatsdeinit to cancel the cyclic delayed work item ocelot-statswork. However, canceldelayedwork may fail to canc...
CVE-2025-40003
CVE-2025-40003 : In the Linux kernel’s mscc/ocelot code, use-after-free can occur due to cyclic delayed work being canceled inadequately during deinitialization. The code in ocelot_stats_deinit() calls cancel_delayed_work(), which may fail to stop a work item if it is already executing; the delay...
SUSE CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000release The original code uses canceldelayedwork in xc5000release, which does not guarantee that the delayed work item timersleep has fully completed if it was already running. Th...
SUSE CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...
media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
...
EUVD-2025-34578
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...
CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...
CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000release The original code uses canceldelayedwork in xc5000release, which does not guarantee that the delayed work item timersleep has fully completed if it was already running. Th...
CVE-2025-39997
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
DEBIAN-CVE-2025-39995
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...
UBUNTU-CVE-2025-39997
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
UBUNTU-CVE-2025-39994
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000release The original code uses canceldelayedwork in xc5000release, which does not guarantee that the delayed work item timersleep has fully completed if it was already running. Th...
CVE-2025-39997
CVE-2025-39997: Linux kernel ALSA USB-Audio snd_usbmidi_free race to use-after-free. Root cause: an error timer kill added by commit 0718a78f (ALSA: usb-audio) runs after endpoint deletion, enabling a rare UAF in interrupt context; missing urb cleanup can also access freed memory. The fix is to k...
CVE-2025-39997 ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
CVE-2025-39997 ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in sndusbmidifree The previous commit 0718a78f6a9f "ALSA: usb-audio: Kill timer properly at removal" patched a UAF issue caused by the error timer. However, because the error timer kill...
CVE-2025-39995
CVE-2025-39995: Linux kernel vulnerability in media: i2c: tc358743 where use-after-free occurs due to an orphan timer and in-flight delayed_work during probe failure. The cyclic timer schedules work_i2c_poll and delayed_work_enable_hotplug and may reference tc358743_state after it is freed. A fix...
CVE-2025-39995 media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...
CVE-2025-39995 media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state-timer is a cyclic timer that schedules worki2cpoll and delayedworkenablehotplug, while rearming itself. Using timerdelete fails to guarantee...
CVE-2025-39994
The CVE-2025-39994 issue is in the Linux kernel’s media tuner xc5000: the code path xc5000_release() used cancel_delayed_work(), risking use-after-free of xc5000_priv if timer_sleep is still active. The fix replaces cancel_delayed_work() with cancel_delayed_work_sync() to ensure the delayed work ...