Linux Distros Unpatched Vulnerability : CVE-2017-8903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host...

castleparadox.com Cross Site Scripting vulnerability OBB-4031617

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PT-2025-35541

Name of the Vulnerable Software and Affected Versions Qualcomm Multi-Mode Call Processor affected versions not specified Qualcomm Snapdragon chips affected versions not specified Description A memory corruption issue exists when selecting the PLMN Public Land Mobile Network from the SOR Serving a...

Linux Distros Unpatched Vulnerability : CVE-2007-6761

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobufmapping data structures, which allows local users to trigge...

Important Photon OS Security Update - PHSA-2025-5.0-0481

Updates of 'grub2' packages of Photon OS have been released...

CVE-2025-21782 orangefs: fix a oob in orangefs_debug_write

In the Linux kernel, the following vulnerability has been resolved: orangefs: fix a oob in orangefsdebugwrite I got a syzbot report: slab-out-of-bounds Read in orangefsdebugwrite... several people suggested fixes, I tested Al Viro's suggestion and made this patch...

CVE-2024-52559 drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit()

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: prevent integer overflow in msmioctlgemsubmit The "submit-cmdi.size" and "submit-cmdi.offset" variables are u32 values that come from the user via the submitlookupcmds function. This addition could lead to an integer...

CVE-2024-57977

CVE-2024-57977 is a Linux kernel vulnerability in memcg where the OOM task traversal could cause a soft lockup when thousands of processes reside in the OOM cgroup. The issue arises from scanning OOM tasks for each memory pressure event, delaying the watchdog handling. The documented fix adds a r...

CVE-2022-49720

In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blkmqallocrequesthctx This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long...

CVE-2022-49708

CVE-2022-49708 affects the Linux kernel ext4 file system (mballoc allocator). The issue is triggered by a BUG_ON path in ext4_mb_use_inode_pa during disk space accounting, leading to a kernel crash when fsync/writeback paths exercise preallocation and inode pa blocks. Reproduction steps involve c...

CVE-2022-49201 ibmvnic: fix race between xmit and reset

In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnicxmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...

CVE-2022-49085 drbd: Fix five use after free bugs in get_initial_state

In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in getinitialstate In getinitialstate, it calls notifyinitialstatedoneskb,.. if cb-args5==1. If genlmsgput failed in notifyinitialstatedone, the skb will be freed by nlmsgfreeskb. Then...

CVE-2022-49066

In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with actmirred, skbheadlen may be 0. But vethxmit calls devforwardskb, which expects at least ETHHLEN byte of linear data as...

Photon OS 4.0: Gnutls PHSA-2025-4.0-0759

An update of the gnutls package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0759. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2025-27146

Summary (CVE-2025-27146): The Matrix-based bridge matrix-appservice-irc (Node.js) up to version 3.0.3 contains a vulnerability that allows an attacker to inject and execute arbitrary IRC commands as their own puppeted user. The issue is resolved in version 3.0.4. Multiple connected sources corrob...

Matrix IRC Bridge allows IRC command injection to own puppeted user

Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches The vulnerability has been patched in matrix-appservice-irc...

GHSA-5MVM-89C9-9GM5 Matrix IRC Bridge allows IRC command injection to own puppeted user

Impact The matrix-appservice-irc bridge up to version 3.0.3 contains a vulnerability which can lead to arbitrary IRC command execution as the puppeted user. The attacker can only inject commands executed as their own IRC user. Patches The vulnerability has been patched in matrix-appservice-irc...

CVE-2025-23024

GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...

Siemens SIMATIC Devices Linux Kernel NULL Pointer Dereference (CVE-2022-3606)

A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function findprogbysecinsn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The...

SUSE-SU-2025:0675-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 bsc1236470: - CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API bsc1236278...