36977 matches found
CVE-2025-38643
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac(). Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the warning below with the...
libtiff-devel-32bit-4.7.0-8.1 on GA media (moderate)
libtiff-devel-32bit-4.7.0-8.1 on GA media Announcement ID: openSUSE-SU-2025:15487-1 Rating: moderate Cross-References: CVE-2024-13978 CVE-2025-8534 CVE-2025-9165 CVSS scores: CVE-2024-13978 SUSE : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-13978 SUSE : 5.7...
terragrunt-0.85.1-1.1 on GA media (moderate)
terragrunt-0.85.1-1.1 on GA media Announcement ID: openSUSE-SU-2025:15486-1 Rating: moderate Cross-References: CVE-2025-8959 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
AZL-71167 CVE-2025-38643 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac(). Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the warning below with the...
CVE-2025-38648 spi: stm32: Check for cfg availability in stm32_spi_probe
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe. The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a warning...
CVE-2025-38643
CVE-2025-38643 affects the Linux kernel wifi stack (cfg80211). The root cause is a missing lock in cfg80211_check_and_end_cac(), while callers of wdev_chandef() are expected to hold the wiphy mutex; however the worker cfg80211_propagate_cac_done_wk() does not acquire it. This can trigger a warnin...
CVE-2025-38643
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac(). Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the warning below with the...
OESA-2025-2075 openjpeg2 security update
OpenJPEG is an open-source JPEG 2000 codec written in the C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom ( CVE-2021-32796 )
Summary IBM App Connect Enterprise is vulnerable to Improper Encoding or Escaping of Output due to xmldom. Vulnerability Details CVEID:CVE-2021-32796 DESCRIPTION: xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions...
OPENSUSE-SU-2025:15482-1 jetty-annotations-9.4.58-1.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.58-1.1 package on the GA media of openSUSE Tumbleweed...
PT-2025-34474 · Tenda · Tenda O3V2
Name of the Vulnerable Software and Affected Versions: Tenda O3V2 version 1.0.0.123880 Description: The Tenda O3V2 device is susceptible to a buffer overflow issue within the fromSafeSetMacFilter function. The vulnerability is triggered by manipulating the mac parameter. Recommendations: Update t...
OPENSUSE-SU-2025:15481-1 chromedriver-139.0.7258.138-1.1 on GA media
These are all security issues fixed in the chromedriver-139.0.7258.138-1.1 package on the GA media of openSUSE Tumbleweed...
ruby3.4-rubygem-activerecord-8.0-8.0.1-2.1 on GA media (moderate)
ruby3.4-rubygem-activerecord-8.0-8.0.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:15480-1 Rating: moderate Cross-References: CVE-2025-55193 CVSS scores: CVE-2025-55193 SUSE : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2025-55193 SUSE : 5.3...
pdns-recursor-5.2.5-1.1 on GA media (moderate)
pdns-recursor-5.2.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15479-1 Rating: moderate Cross-References: CVE-2025-30192 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
aide-0.19.2-1.1 on GA media (moderate)
aide-0.19.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:15475-1 Rating: moderate Cross-References: CVE-2025-54389 CVE-2025-54409 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...
flake-pilot-3.1.21-1.1 on GA media (moderate)
flake-pilot-3.1.21-1.1 on GA media Announcement ID: openSUSE-SU-2025:15476-1 Rating: moderate Cross-References: CVE-2025-55159 CVSS scores: CVE-2025-55159 SUSE : 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2025-55159 SUSE : 5.8...
ROS-20250822-18
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
ROS-20250822-19
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
ROS-20250822-17
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
WeGIA security vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.4.10, which stems from an SQL injection in the idfuncionario parameter in the /html/funcionario/dependenteremover.php endpoint, which could lea...