OESA-2025-2545 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that...

rxrpc: Fix handling of received connection abort

...

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

EUVD-2025-36207

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

PT-2025-43990

Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description The SOCET GXP Job Status Service does not properly authenticate requests. This can allow remote or local users to perform actions, such as aborting jobs or reading information, without the...

BAE Systems SOCET GXP 安全漏洞

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP prior to version 4.6.0.2, which originates from an unauthenticated request from the SOCET GXP Job Status Service, and could cau...

CVE-2025-54970

BAE Systems SOCET GXP prior to version 4.6.0.2 contains a vulnerability in the Job Status Service where requests are not authenticated. In affected configurations, remote or local users may abort jobs or read information without the job owner’s permissions. The issue is documented across multiple...

Linux Distros Unpatched Vulnerability : CVE-2025-39966

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommufd: Fix race during abort for file descriptors fput doesn't actually call fileoperations release synchronously, it puts the file on a work queue and it wi...

SUSE CVE-2022-50549

In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix ABBA deadlock between shrinkslab and dmpoolabortmetadata Following concurrent processes: P1drop cache P2kworker dropcachessysctlhandler dropslab shrinkslab downread&shrinkerrwsem - LOCK A doshrinkslab supercachescan...

Siemens SIMATIC Devices NULL Pointer Dereference (CVE-2024-57981)

usb: xhci: NULL pointer dereference on certain command aborts. If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is...

DEBIAN-CVE-2023-53701

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: deactivate anonymous set from preparation phase backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform any upda...

EUVD-2022-55051

In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4mbmarkbb with flexbg with fastcommit In case of flexbg feature which is by default enabled, extents for any given inode might span across blocks from two different block group. ext4mbmarkbb only reads the bufferhead...

EUVD-2023-60022

In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 "mm/sparse-vmemmap: improve memory savings for compound devmaps" added support for using optimized vmmemap for devdax devices. But how vmemmap...

EUVD-2022-55661

In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp-dbagl2size. The field can be greater than 64 and trigger the...

CVE-2023-53701 netfilter: nf_tables: deactivate anonymous set from preparation phase

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: deactivate anonymous set from preparation phase backport for 4.14 of c1592a89942e9678f7d9c8030efa777c0d57edab Toggle deleted anonymous sets as inactive in the next generation, so users cannot perform any upda...

CVE-2023-53701

CVE-2023-53701 has been rejected by its CNA; this CVE ID is not active.

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987647 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfsreplacefileextents Error injection testing uncovered a case where...