CVE-2026-31529 cxl/region: Fix leakage in __construct_region()
In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __construct_region() Failing the first sysfs_update_group needs to explicitly kfree the resource as it is too early for cxl_region_iomem_release to do so...
CVE-2026-23297
CVE-2026-23297 affects the Linux kernel’s NFS daemon (nfsd). The issue is a memory leak of struct cred caused by how nfsd_nl_threads_set_doit() passes current credentials to nfsd_svc() and later to _svc_xprt_create() without transferring ownership, leaving a refcount leak. SYZBOT identified a lea...
CVE-2023-54260 cifs: Fix lost destroy smbd connection when MR allocate failed
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix lost destroy smbd connection when MR allocate failed If the MR allocate failed, the smb direct connection info is NULL, then smbd_destroy will directly return, then the connection info will be leaked. Let's set the smb...
SUSE-SU-2025:21137-1 Security update for alloy
This update for alloy fixes the following issues: - CVE-2025-58058: Removed dependency on vulnerable github.com/ulikunitz/xz (bsc#1248960). - CVE-2025-11065: Fixed sensitive information leak in logs (bsc#1250621)...
EUVD-2024-39637
Malicious code in bioql PyPI...
CVE-2025-22025 nfsd: put dl_stid if fail to queue dl_recall
In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is processed, the reference...
CVE-2025-21745
CVE-2025-21745 affects the Linux kernel blk-cgroup subsystem. The root cause was a leak of the subsystem refcount in blkcg_fill_root_iostats() caused by iterating devices with class_dev_iter_(init|next)() without class_dev_iter_exit(). The fix ends the iteration with class_dev_iter_exit(), preven...
CVE-2024-42477
llama.cpp provides LLM inference in C/C++. The unsafe type member in the rpc_tensor structure can cause global-buffer-overflow. This vulnerability may lead to memory data leakage. The vulnerability is fixed in b3561...
CVE-2024-40985
In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 [1] of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov...
UBUNTU-CVE-2024-35859
In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open is called, module reference is grabbed already, hence module reference should be released if bdev_may_open failed. This problem is found by...
SUSE-SU-2023:4155-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - Update to version 18.18.2 - CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) - CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) - CVE-2023-38552: Fixed an integrity checks according to policies that could be...
CVE-2023-38494 The cloud version of the MeterSphere interface leaks some sensitive data without authentication
MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...
SUSE-SU-2022:4626-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). - rebuild against the ne...
SUSE-SU-2022:4620-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). - move logrotate options...
SUSE-SU-2022:4330-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup (bsc#1203106)...
SUSE-SU-2022:3540-1 Security update for LibVNCServer
This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup (bsc#1203106)...
Unbreakable Enterprise kernel security update
4.14.35-2047.512.6 - Revert 'rds/ib: recover rds connection from stuck rx path' Rohit Nair Orabug: 34039271 - uek-rpm: update kABI lists for new symbols Saeed Mirzamohammadi Orabug: 33993774 4.14.35-2047.512.5 - netfilter: nf_tables: initialize registers in nft_do_chain Pablo Neira Ayuso Orabug:...
kernel security, bug fix, and enhancement update
3.10.0-1160.62.1.OL7 - Update Oracle Linux certificates Ilya Okomin - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and shim-x64 = 15-2.0.9 - Update oraclekernel-sig-key...
OPENSUSE-SU-2022:0079-1 Security update for minidlna
This update for minidlna fixes the following issues: minidlna was updated to version 1.3.1 (boo#1196814) - Fixed a potential crash in SSDP request parsing. - Fixed a configure script failure on some platforms. - Protect against DNS rebinding attacks. (CVE-2022-26505) - Fix a socket leakage issue on...
DEBIAN-CVE-2021-23969
As specified in the W3C Content Security Policy draft, when creating a violation report, "User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage."...