Siemens SIMATIC Devices Use of Uninitialized Resource (CVE-2024-46865)

In the Linux kernel, the following vulnerability has been resolved: fou: fix initialization of grc The grc must be initialize first. There can be a condition where if fou is NULL, goto out will be executed and grc would be used uninitialized. This plugin only works with Tenable.ot. Please visit...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Use of Uninitialized Resource (CVE-2024-49900)

In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of newea in eabuffer syzbot reports that lzo1x1docompress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x1docompress+0x19f9/0x2510...

Siemens SIMATIC Devices Missing Initialization of a Variable (CVE-2024-45018)

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

SUSE CVE-2023-53696

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

CVE-2025-0033

Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity...

EUVD-2023-60009

In the Linux kernel, the following vulnerability has been resolved: serial: arcuart: fix ofiomap leak in arcserialprobe Smatch reports: drivers/tty/serial/arcuart.c:631 arcserialprobe warn: 'port-membase' from ofiomap not released on lines: 631. In arcserialprobe, if uartaddoneport fails,...

UBUNTU-CVE-2022-50574

In the Linux kernel, the following vulnerability has been resolved: drm/omap: dss: Fix refcount leak bugs In dssinitports and dssuninitports, we should call ofnodeput for the reference returned by ofgraphgetportbyid in fail path or when it is not used anymore...

CVE-2023-53696

CVE-2023-53696 affects the Linux kernel scsi/qla2xxx driver. The root cause is an error-path leak in qla2x00_probe_one(): when base_vha initialization fails, the fab_scan_rp (scan.l) allocated in qla2x00_create_host() is not released in the probe_failed path, causing a memory leak reported by kme...

CVE-2023-53696 scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: Security issues fixed: CVE-2025-5455: processing of malformed data in qDecodeDataUrl can trigger assertion and cause a crash bsc1243958. CVE-2025-30348: complex algorithm used in encodeText in QDom when processing XML data can cause low...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

EUVD-2022-54718

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: fix the pagelist corruption Easily hit the below list corruption: == listadd corruption. prev-next should be next ffffffffc0ceb090, but was ffffec604507edc8. prev=ffffec604507edc8. WARNING: CPU: 65 PID: 3959 at...

EUVD-2022-54851

In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modparam efxseparatetxchannels=1 is used. In that cases, some channels only have RX queues and others onl...

EUVD-2022-55009

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xxsendabortall, the nelem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seeing the ccb with a non-zero...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

EUVD-2025-35229

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

CVE-2025-56801

The Red Hat advisories describe CVE-2025-56801 as a vulnerability in the Reolink Desktop Application 8.18.12 where hardcoded hard-coded credentials function as the Initialization Vector (IV) in AES-CFB encryption, enabling local attackers to decrypt sensitive configuration data stored under %APPD...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987653 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add stagwork to all the vports Call trace seen when creating NPIV ports, only 32 out ...