
3101 matches found

OSV
added 2025/09/18 2:15 p.m., 0 views

UBUNTU-CVE-2022-50388

In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blk_kick_flush has NULL bio, and it may be dealt with nvme_end_req during io completion. When blktrace is enabled,...

CVSS 5.5, AI score 5.8, EPSS 0.00145
Exploits 0, References 8
Vulnrichment
added 2025/09/18 1:33 p.m., 2 views

CVE-2022-50388 nvme: fix multipath crash caused by flush request when blktrace is enabled

In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blk_kick_flush has NULL bio, and it may be dealt with nvme_end_req during io completion. When blktrace is enabled,...

AI score 6.5, EPSS 0.00145
Exploits 0, References 5
CVE
added 2025/09/18 11:38 a.m., 13 views

CVE-2024-25011

CVE-2024-25011 affects Ericsson Catalog Manager and Ericsson Order Care APIs. The vulnerability arises because authentication is not enabled by default, allowing potential information disclosure. Remediation guidance states that authentication checks can be configured to remediate the issue. No e...

CVSS 5.3, AI score 6.2, EPSS 0.00258
Exploits 0, References 1
Snyk
added 2025/09/17 7:43 p.m., 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the client-side Island payload revival process. An attacker can access unauthorized files or endpoints by crafting a malicious nuxtisland object containing path traversal sequences, which are then deserialized an...

CVSS 3.1, AI score 7.4, EPSS 0.00344
Exploits 1, References 2
OSV
added 2025/09/17 5:3 p.m., 4 views

GO-2025-3945 WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly

WebSocket endpoint /api/v2/ws/logs reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly...

CVSS 8.8, AI score 7.2, EPSS 0.00663
Exploits 1, References 3
CVE
added 2025/09/17 1:49 a.m., 26 views

CVE-2025-10050

The CVE-2025-10050 issue affects the WordPress plugin Developer Loggers for Simple History (versions up to 0.5). The underlying flaw is a Local File Inclusion via the enabled_loggers parameter, exploitable by authenticated attackers with Administrator-level access or higher to include and execute...

CVSS 6.6, AI score 6.8, EPSS 0.00757
Exploits 0, References 2
Positive Technologies
added 2025/09/17 12:0 a.m., 5 views

PT-2025-38096

Name of the Vulnerable Software and Affected Versions: Developer Loggers for Simple History plugin for WordPress versions prior to 0.6 Description: The Developer Loggers for Simple History plugin for WordPress is susceptible to a Local File Inclusion issue via the enabled loggers parameter. This...

CVSS 6.6, AI score 7.1, EPSS 0.00757
Exploits 0, References 7
Positive Technologies
added 2025/09/17 12:0 a.m., 3 views

PT-2025-38161

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration affected versions not specified Description: A Cross-Site Request Forgery CSRF vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration ZCS when the zimbraFeatureResetPasswordStatus attribute is...

CVSS 6.3, AI score 6.3, EPSS 0.0017
Exploits 0, References 6
SUSE CVE
added 2025/09/16 11:34 p.m., 3 views

SUSE CVE-2022-50266

In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix check for probe enabled in kill_kprobe In kill_kprobe, the check whether disarm_kprobe_ftrace needs to be called always fails. This is because before that we set the KPROBE_FLAG_GONE flag for kprobe so that...

CVSS 5.5, AI score 6.4, EPSS 0.00143
Exploits 0, References 8
SUSE CVE
added 2025/09/16 11:31 p.m., 3 views

SUSE CVE-2023-53206

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbuscore Fix NULL pointer dereference Pass i2cclient to pmbusisenabled to drop the assumption that a regulator device is passed in. This will fix the issue of a NULL pointer dereference when called from pmbusgetflags...

CVSS 5.5, AI score 6.5, EPSS 0.00133
Exploits 0, References 15
SUSE CVE
added 2025/09/16 11:23 p.m., 1 views

SUSE CVE-2025-39829

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...

CVSS 5.5, AI score 6.4, EPSS 0.00135
Exploits 0, References 22
CVE
added 2025/09/16 10:22 p.m., 12 views

CVE-2025-37129

CVE-2025-37129 describes a vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways. An authenticated attacker could exploit the built-in script execution capability to execute arbitrary commands on the underlying operating system if the feature is enabled ...

CVSS 6.7, AI score 7.3, EPSS 0.00202
Exploits 0, References 1
OSV
added 2025/09/16 3:32 p.m., 0 views

GHSA-JMP9-X22R-554X Spring Framework annotation detection mechanism may result in improper authorization

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...

CVSS 7.5, AI score 5.8, EPSS 0.0046
Exploits 0, References 6
Cvelist
added 2025/09/16 2:38 p.m., 5 views

CVE-2025-36244 IBM AIX privilege escalation

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables...

CVSS 7.4, EPSS 0.00113
Exploits 0, References 1
NVD
added 2025/09/16 1:16 p.m., 3 views

CVE-2025-39829

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...

CVSS 5.5, EPSS 0.00135
Exploits 0, References 3
OSV
added 2025/09/16 1:16 p.m., 0 views

UBUNTU-CVE-2025-39829

In the Linux kernel, the following vulnerability has been resolved: trace/fgraph: Fix the warning caused by missing unregister notifier This warning was triggered during testing on v6.16: notifier callback ftrace_suspend_notifier_call already registered WARNING: CPU: 2 PID: 86 at kernel/notifier.c:2...

CVSS 5.5, AI score 5.9, EPSS 0.00135
Exploits 0, References 16
Amazon
added 2025/09/16 12:0 a.m., 7 views

Important: kernel-livepatch-5.10.238-234.956

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.238-234.956 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5, AI score 6.6, EPSS 0.00155
Exploits 0
Amazon
added 2025/09/16 12:0 a.m., 3 views

Important: microcode_ctl

Issue Overview: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-20053 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may all...

CVSS 7.2, AI score 7.2, EPSS 0.00143
Exploits 0
Amazon
added 2025/09/16 12:0 a.m., 6 views

Important: kernel-livepatch-5.10.239-236.958

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-5.10.239-236.958 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 5.5, AI score 6.6, EPSS 0.00155
Exploits 0
NVD
added 2025/09/15 3:15 p.m., 4 views

CVE-2022-50307

In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix out-of-bounds access on cioignore free The channel-subsystem-driver scans for newly available devices whenever device-IDs are removed from the cioignore list using a command such as: echo free /proc/cioignore Since ...

CVSS 7.1, EPSS 0.00147
Exploits 0, References 3