kernel: Bluetooth: hci_event: call disconnect callback before deleting conn

A flaw was found in the Linux kernel in which a callback is not called when a Bluetooth peripheral is disconnected. This flaw leads to a use-after-free, which an attacker could use to escalate their privileges, corrupt system memory, or otherwise cause a denial of service...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004949)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004949 advisory. In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap'ing the...

ALSA-2026:1142 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping CVE-2025-40154 kernel: Linux kernel:...

CVE-2025-71162 dmaengine: tegra-adma: Fix use-after-free

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is freed by...

CVE-2025-15516

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

CVE-2025-15516

CVE-2025-15516 affects the WordPress plugin All-in-One Video Gallery (versions 4.1.0–4.6.4). A missing capability check in the ajax_callback_store_user_meta() function allows authenticated users with Subscriber+ privileges to modify arbitrary string-based user meta keys for their own account. Imp...

UBUNTU-CVE-2026-22981

In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached state and close any netdevs in UP state until the reset handling has completed. During a reset, the...

CVE-2025-71154

CVE-2025-71154 concerns Linux kernel code for the rtl8150 USB driver. When usb_submit_urb() fails in async_set_registers(), the allocated async_req and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb() frees these allocations only after a successful URB submissi...

MGASA-2026-0016 Updated avahi packages fix security vulnerabilities

Avahi has a reachable assertion in avahiwideareascancache. CVE-2025-68276 Avahi has a reachable assertion in lookupmulticastcallback. CVE-2025-68468 Avahi has a reachable assertion in lookupstart. CVE-2025-68471...

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from idpf failing to separate and shut down network devices during password reset operations,...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21995)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21995 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count lea...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22025)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22025 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfsd: put dlstid if fail to queue dlreca...

Open Redirect

Directus is vulnerable to Open Redirect. The vulnerability is due to improper validation of the RelayState parameter in the SAML authentication callback endpoint, which allows an attacker to craft a malicious authentication request that redirects users to an arbitrary external URL after login...

ALPINE-CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

MiracleLinux 9 : glibc-2.34-100.el9_4.2 (AXSA:2024-8145:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8145:06 advisory. glibc: Out of bounds write in iconv conversion to ISO-2022-CN-EXT CVE-2024-2961 glibc: stack-based buffer overflow in netgroup cache CVE-2024-33599...

MiracleLinux 8 : bluez-5.52-4.el8 (AXSA:2021-1921:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1921:02 advisory. bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE CVE-2020-27153 Tenable has extracted the...

Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: CVE-2022-50233: bluetooth: device name can cause reading kernel memory by not supplying terminal \0 bsc1249242. CVE-2022-50327: ACPI: processor: idle: Check...