AZL-73845 CVE-2025-38728 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below): BUG: KASAN: slab-out-of-bounds in...
AZL-66875 CVE-2025-38728 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd. With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below): BUG: KASAN: slab-out-of-bounds in...
CVE-2025-38728
CVE-2025-38728: Linux kernel SMB3 (ksmbd) mount path vulnerability. The issue stems from a missing check in parse_server_interfaces() under KASAN, enabling a slab-out-of-bounds read during a ksmbd mount. The bug is reported in the CIFS/SMB3 path with a read of size 4 at a kernel address du...
PT-2025-36066
Name of the Vulnerable Software and Affected Versions: AccountManagerService (affected versions not specified). Description: An application may access privileged APIs due to a confused deputy condition within the isSystemUid function of AccountManagerService.java. This could result in local privileg...
cifs: fix underflow in parse_server_interfaces()
...
CVE-2025-21031
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...
CVE-2025-21031
CVE-2025-21031 concerns an improper access control in ImsService prior to Samsung SMR Sep-2025 Release 1, enabling local attackers to invoke privileged APIs. Affected: ImsService on Samsung Mobile devices. Root cause: insufficient access restrictions that permit privileged API usage from local co...
CVE-2025-21031
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...
PT-2025-35685
Name of the Vulnerable Software and Affected Versions: ImsService versions prior to SMR Sep-2025 Release 1. Description: An improper access control issue exists in ImsService. This allows local attackers to utilize privileged APIs. Recommendations: Update ImsService to SMR Sep-2025 Release 1 or...
Linux Distros Unpatched Vulnerability : CVE-2025-38606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss. During beacon miss...
Linux Distros Unpatched Vulnerability : CVE-2021-44120
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An...
Linux Distros Unpatched Vulnerability : CVE-2019-14511
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or...
OESA-2025-2079 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list. syzkaller reported a corrupted list in ieee802154_if_remove. 1 Remove an IEEE 802.15.4 network interfa...
OESA-2025-2078 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list. syzkaller reported a corrupted list in ieee802154_if_remove. 1 Remove an IEEE 802.15.4 network interfa...
Linux Distros Unpatched Vulnerability : CVE-2021-42343
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or...
GHSA-VV6J-3G6G-2PVJ Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config
Summary: Using the torch.utils._config_module.load_config function, which is a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch.utils._config_module.load_config function in reduce...
USN-7704-4 linux-nvidia vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A (FFA); - Multiple devices driver; - Media drivers; - Network...
CVE-2025-8415
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment...
CVE-2025-8415
A vulnerability was found in the Cryostat HTTP API. Cryostat's HTTP API binds to all network interfaces, allowing possible external visibility and access to the API port if Network Policies are disabled, allowing an unauthenticated, malicious attacker to jeopardize the environment...
CVE-2025-8415
CVE-2025-8415 affects Cryostat: the Cryostat HTTP API binds to all network interfaces, which can expose the API port externally if Network Policies are disabled. The vulnerability enables an unauthenticated attacker to jeopardize the environment, with CVSS 3.1 base metrics indicating network acce...