3100 matches found
CVE-2025-40232
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This causes...
UBUNTU-CVE-2025-40259
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may sleep. Hence, call sg_finish_rem_req() with interrupts enabled instead of disabled...
UBUNTU-CVE-2025-40232
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This causes...
EUVD-2025-201198
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may sleep. Hence, call sg_finish_rem_req() with interrupts enabled instead of disabled...
CVE-2025-40259
CVE-2025-40259: In the Linux kernel, the sg (SCSI generic) driver could sleep in atomic context via sg_finish_rem_req() -> blk_rq_unmap_user(). The fix calls sg_finish_rem_req() with interrupts enabled to prevent sleeping in atomic context. Multiple advisories (Debian DLA-4436-1; Amazon Linux...
CVE-2025-40259 scsi: sg: Do not sleep in atomic context
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Do not sleep in atomic context sg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may sleep. Hence, call sg_finish_rem_req() with interrupts enabled instead of disabled...
CVE-2025-40232
CVE-2025-40232 affects the Linux kernel component related to enabled_monitors iteration. The issue arises from inconsistent callbacks in enabled_monitors_seq_ops that sometimes treat the iterator as struct rv_monitor * and other times as struct list_head *. This causes an incorrect type cast and ...
EUVD-2025-201227
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This causes...
CVE-2025-40232
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This causes...
kprobes: Fix check for probe enabled in kill_kprobe()
...
PT-2025-49059
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an inconsistency in the type of the enabled_monitors iterator, which could lead to a system crash...
MCP TypeScript SDK security vulnerability
MCP TypeScript SDK is a Model Context Protocol open source developer toolkit for Model Context Protocol servers and clients. A security vulnerability exists in MCP TypeScript SDK versions prior to 1.24.0 that stems from not enabling DNS rebinding protection by default, which could lead to bypassi...
CVE-2025-13615
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
PT-2025-48371
Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled...
SUSE CVE-2025-64330
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires t...
DEBIAN-CVE-2025-64330
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires t...
CVE-2025-64331
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a stack overflow can occur on large HTTP file transfers if the user has increased the HTTP response body limit and enabled the...
EUVD-2025-199772
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires t...
BIT-GRAFANA-2025-41115 Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...