SUSE CVE-2023-53758

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

SUSE CVE-2025-40308

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bcsp: receive data only if registered Currently, bcsprecv can be called even when the BCSP protocol has not been registered. This leads to a NULL pointer dereference, as shown in the following stack trace: KASAN:...

CVE-2022-50646

CVE-2022-50646 affects the Linux kernel SCSI HPSA path. The vulnerability is due to a memory leak in hpsa_init_one() where, on alloc_percpu() failure, the code frees the allocated structure but leaks h->reply_map. The patch fixes this by calling hpda_free_ctlr_info() to release h->reply_map...

CVE-2022-50646

In the Linux kernel, the following vulnerability has been resolved: scsi: hpsa: Fix possible memory leak in hpsainitone The hpdaallocctlrinfo allocates h and its field replymap. However, in hpsainitone, if allocpercpu failed, the hpsainitone jumps to clean1 directly, which frees h and leaks the...

PT-2025-50266

Name of the Vulnerable Software and Affected Versions Tinycontrol LAN Controller v3 LK3 version 1.58a Description The Tinycontrol LAN Controller v3 LK3 version 1.58a has an issue that allows remote attackers to download configuration backup files containing sensitive credentials without...

PT-2025-49626

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the hpsa init one function within the SCSI subsystem of the Linux kernel. The hpda alloc ctlr info function allocates memory for a controller information structur...

WordPress plugin Geo Controller 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from drm/msm/dp not removing the aux device at the same time as the DP controller, which could result in the...

Tinycontrol LAN Controller 安全漏洞

Tinycontrol LAN Controller is a building automation controller from Tinycontrol Poland. A security vulnerability exists in Tinycontrol LAN Controller v3 LK3 version 1.58a, which originates from unauthorized access and could lead to credential disclosure...

PT-2025-49998

Insertion of Sensitive Information Into Sent Data vulnerability in INFINITUM FORM Geo Controller cf-geoplugin allows Retrieve Embedded Sensitive Data.This issue affects Geo Controller: from n/a through = 8.9.4...

PT-2025-49845

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

CVE-2022-50633 usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3qcominterconnectinit oficcget alloc resources for path handle, we should release it when not need anymore. Like the release in dwc3qcominterconnectexit function. Add iccput in error handlin...

Oracle Linux 10 : kernel (ELSA-2025-22854)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22854 advisory. - iommu/vt-d: Disallow dirty tracking if incoherent page walk CKI Backport Bot RHEL-125482 CVE-2025-40058 - net/mlx5: fs, fix UAF in flow counter...

Siemens Building X - Security Manager Edge Controller

SUMMARY Building X - Security Manager Edge Controller ACC-AP devices do not properly check the integrity of firmware updates. This could allow an attacker to upload a maliciously modified firmware onto the device. Siemens is preparing fix versions and recommends specific countermeasures for...

CVE-2025-40301

No description is available for this CVE. Mitigation To mitigate this issue, disable the Bluetooth kernel module if Bluetooth functionality is not required. This can be achieved by blacklisting the bluetooth module. Create a file named /etc/modprobe.d/disable-bluetooth.conf with the following...

CVE-2025-36015

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input...

CVE-2025-36017

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...

CVE-2025-33111

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks...

CVE-2025-36102

IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security...