4242 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989755)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989755 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADFDEVRESETSYNC memory leak Using completiondone to determine whether the calle...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989364)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989364 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix a potential memory leak in r871xudrvinit In r871xudrvinit, if r8712initdrvs...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989574)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989574 advisory. In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iiosysfstriginit devsetname allocates memory for...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989211)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989211 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xxbind The commit 46a8b29c6306 net: usb: fix memor...
USN-7851-1: runC vulnerabilities
Lei Wang and Li Fubang discovered that runC incorrectly handled masked paths. An attacker could possibly replace a container's /dev/null with a symlink to some other procfs file and possibly escape a container. CVE-2025-31133 Lei Wang and Li Fubang discovered that runC incorrectly handled the...
PT-2025-45350
Name of the Vulnerable Software and Affected Versions runc versions 1.2.0 through 1.2.7 runc versions 1.3.0-rc.1 through 1.3.1 runc versions 1.4.0-rc.1 through 1.4.0-rc.2 Description runc is a CLI tool for spawning and running containers according to the OCI specification. A race condition in the...
Origin Validation Error
@parcel/reporter-dev-server is vulnerable to an Origin Validation Error. The vulnerability is due to the server failing to verify and enforce the Origin header for XMLHttpRequests. An attacker can host a malicious webpage that issues cross-origin XMLHttpRequests to a developer's running dev serve...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...
curl: curl built with GnuTLS backend defaults to weak crypto parameters
Summary: Curl configured with GnuTLS backend --with-gnutls defaults using "NORMAL" as the base level of the library cryptographic security. From GnuTLS documentation: The message authenticity security level is of 64 bits or more, and the certificate verification profile is set to GNUTLSPROFILELOW...
EUVD-2023-60040
Nagios XI versions prior to 2024R1 are vulnerable to cross-site scripting XSS via the Graph Explorer component. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
MAL-2025-49220 Malicious code in epic-webpack-hot-dev-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad1ea558baf857da2084adf46bf56730bd6d03f39046fff99845429d9e06cd2 The package epic-webpack-hot-dev-client was found to contain malicious code...
EUVD-2025-37073
Malicious code in epic-webpack-hot-dev-client npm...
Malicious code in epic-webpack-hot-dev-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aad1ea558baf857da2084adf46bf56730bd6d03f39046fff99845429d9e06cd2 The package epic-webpack-hot-dev-client was found to contain malicious code...
SUSE CVE-2025-40074
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...
CVE-2025-27093
CVE-2025-27093 affects Sliver’s custom WireGuard netstack. In affected releases (1.5.43 and earlier, and 1.6.0-dev) the netstack does not restrict traffic between WireGuard clients, enabling unrestricted inter-client communication and potentially allowing leaked/recovered keys to be used across o...
AZL-68894 CVE-2025-40074 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...
UBUNTU-CVE-2025-40074
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...
CVE-2025-40074 ipv4: start using dst_dev_rcu()
In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to use lockdep enabled dstdevrcu...
CVE-2025-40075
In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: use dstdevnetrcu Replace three dstdev with a lockdep enabled helper...
Linux Distros Unpatched Vulnerability : CVE-2025-40074
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: start using dstdevrcu Change icmpv4xrlimallow, ipdefrag to prevent possible UAF. Change ipmrpreparexmit, ipmrqueuefwdxmit, ipmroutput, ipv4neighlookup to...