289 matches found
ROOT-APP-PYPI-CVE-2022-30034 CVE-2022-30034 in rootio-flower - Patched by Root
Root has patched CVE-2022-30034 in the rootio-flower package for Root:PyPI. Multiple fixed versions available...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk with rcu The patch that refactored fl_walk to use idr_for_each_entry_continue_ul also removed the rcu protection for individual filters. This caused a use-after-free when the filter was deleted...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handling of acti_netdevs allocation failures The kmalloc_array function in nfp_fl_lag_do_work will return null if physical memory runs out. As a result, if we dereference acti_netdevs, null pointer dereferencing bugs may...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: fix filter idr initialization The referenced commit moved the idr initialization too early in fl_change, which allows concurrent users to access the filter that is still being initialized and is in an inconsiste...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fixed the deletion of tc flowers for VLAN priority-based frame steering. To reproduce the issue: 1 Add a tc flower filter for VLAN Priority-based frame steering: $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15
An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation...
Astra Linux - vulnerability in linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain templates offload When a qdisc is deleted from a net device, the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the 'FLOW_BLOCK_UNBIND'...
kernel: net/mlx5e: Check for NOT_READY flag state after locking
A race condition was found in the Linux kernel Mellanox mlx5 network driver's traffic control offload flow management. A local user with privileges to configure traffic control flower filters can trigger concurrent flow deletion operations where the NOT_READY flag is checked before acquiring the...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-27046)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-27046 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs...
MiracleLinux 8 : kernel-4.18.0-553.16.1.el8_10 (AXSA:2024-8704:25)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8704:25 advisory. kernel: powerpc: Fix access beyond end of drmem array CVE-2023-52451 kernel: efivarfs: force RO when remounting if SetVariable is not supported...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004019)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004019 advisory. A memory leak in the nfp_flower_spawn_vnic_reprs function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003864)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003864 advisory. Four memory leaks in the nfp_flower_spawn_phy_reprs function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to caus...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004134)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004134 advisory. A memory leak in the nfp_flower_spawn_vnic_reprs function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause ...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004020)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004020 advisory. Four memory leaks in the nfp_flower_spawn_phy_reprs function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to caus...
CVE-2025-12549
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion. This issue affects Rozy - Flower Shop: from n/a through <= 1.2.25...
CVE-2025-12549
CVE-2025-12549 is a WordPress Rozy - Flower Shop theme vulnerability: an unauthenticated Local File Inclusion (LFI) in the Rozy package (the WordPress theme for Rozy - Flower Shop) affecting version ≤ 1.2.25. The connected Wordfence report confirms the Rozy vulnerability entry and lists it as Un...
CVE-2025-12549 WordPress Rozy - Flower Shop theme <= 1.2.25 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Rozy - Flower Shop rozy allows PHP Local File Inclusion. This issue affects Rozy - Flower Shop: from n/a through <= 1.2.25...
PT-2026-1696
Name of the Vulnerable Software and Affected Versions: magentech Rozy - Flower Shop versions through 1.2.25. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for the inclusion ...
WordPress plugin Rozy - Flower Shop security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...