Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990262)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990262 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989841)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989841 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989984)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989984 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get This loop is supposed to break if the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988706)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988706 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: phy-mtk-tphy: Fix some resource leaks in mtk_phy_init Use clk_disable_unprepare in the error pat...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989178)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989178 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference ...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989738)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989738 advisory. In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove A clk_prepare_enable call in the probe is...
CVE-2025-20743
The CVE-2025-20743 entry concerns the clkdbg component, where a use-after-free condition can lead to local privilege escalation if an attacker already has System privileges. The vulnerability does not require user interaction and has a local attack vector with low complexity. The patch reference ...
WordPress All in One Time Clock Lite plugin <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure vulnerability
Missing Authorization to Page Creation and Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin All in One Time Clock Lite versions <= 2.0.3...
CVE-2025-11758
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wp_ajax_nopriv hooks, while relying onl...
CVE-2025-11758 All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure
The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wp_ajax_nopriv hooks, while relying onl...
CVE-2025-11758
CVE-2025-11758 : All in One Time Clock Lite (WordPress)
PT-2025-44939
Name of the Vulnerable Software and Affected Versions: All in One Time Clock Lite versions up to and including 2.0.3. Description: The plugin exhibits unauthorized access due to a missing authorization check. Admin-level AJAX actions are exposed to unauthenticated users through wp_ajax_nopriv hooks,...
WordPress plugin All in One Time Clock Lite security vulnerability
WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: A NULL check has been added in raspberrypi_clk_register. devm_kasprintf returns NULL when memory allocation fails. Currently, raspberrypi_clk_register does not check for this case, which results in a NULL pointer being...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ptp: The logic that checks ptp->n_vclocks has been removed from ptp_vclock_in_use. It’s clear that we should check both ptp->is_virtual_clock and ptp->n_vclocks to determine whether the ptp virtual clock is in use. However, when we access...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fixed synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash occurs: Error: Synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue:...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: clk: imx: Fixed an out-of-bounds access in dispmix_csr_clk_dev_data When num_parents is 4, __clk_register causes an out-of-bounds access when accessing the parent_names member. Use ARRAY_SIZE instead of hardcoding the number here. BUG:...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Revised the handling of clock reordering and power management in the probe function. The initialization sequence in usbhs_probe was reorganized to enable runtime PM before accessing registers. This prevents...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: clk: davinci: A NULL check was added in davinci_lpsc_clk_register. devm_kasprintf returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register does not check for this case, resulting in a NULL pointer being...