1196 matches found
CVE-2025-40104
CVE-2025-40104 affects the Linux kernel ixgbevf mailbox API, where API version increments (1.4→1.5→1.6) created compatibility issues across PF/VF drivers and IPSec offload paths. The vulnerability stems from mismatched feature negotiation when IPSec support and ESX mailbox paths were introduced, ...
Linux Distros Unpatched Vulnerability : CVE-2025-40104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from...
Siemens SIMATIC Devices Improper Restriction of Communication Channel to Intended Endpoints (CVE-2024-35884)
In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx- udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and...
SUSE CVE-2023-53720
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...
EUVD-2022-54573
In the Linux kernel, the following vulnerability has been resolved: can: mcan: mcanreadfifo,echotxevent: shift timestamp to full 32 bits In commit 1be37d3b0414 "can: mcan: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context" the RX path for peripheral devices was...
DEBIAN-CVE-2023-53726
In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c "arm64: csum: Fix pathological zero-length calls" added an early return for zero-length input, syzkaller has popped up with an...
CVE-2023-53720
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...
UBUNTU-CVE-2023-53720
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing existing ct entry which leads to following memleak report: unreferenced object 0xffff8881854cf280 size 96...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987571)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987571 advisory. In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fix offload support for NETDEVUNREGISTER event Current macsec netdev notify handler...
EUVD-2025-34975
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
CVE-2025-11519
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
CVE-2025-11519
The CVE concerns the Optimole WordPress plugin (image optimization service) up to version 4.1.0, where an Insecure Direct Object Reference exists through the /wp-json/optml/v1/move_image REST endpoint due to missing validation of a user-controlled key. This allows authenticated attackers with Aut...
CVE-2025-11519 Image optimization service by Optimole <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload
The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the /wp-json/optml/v1/moveimage REST API endpoint due to missing validation on a user...
net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
...
SUSE CVE-2025-39984
In the Linux kernel, the following vulnerability has been resolved: net: tun: Update napi-skb after XDP process The syzbot report a UAF issue: BUG: KASAN: slab-use-after-free in skbresetmacheader include/linux/skbuff.h:3150 inline BUG: KASAN: slab-use-after-free in napifragsskb net/core/gro.c:723...
SUSE CVE-2022-50515
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in hpdrxirqcreateworkqueue If construction of the array of work queues to handle hpdrxirq offload work fails, we need to unwind. Destroy all the created workqueues and the allocated memory for the...
CVE-2022-50515 drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in hpdrxirqcreateworkqueue If construction of the array of work queues to handle hpdrxirq offload work fails, we need to unwind. Destroy all the created workqueues and the allocated memory for the...
CVE-2022-50515
The connected SUSE/OSV entries confirm a concrete fix for CVE-2022-50515 in the Linux kernel’s DRM amdgpu path: memory leak in hpd_rx_irq_create_workqueue() when unwinding after failed workqueue construction. The SUSE-SU-2025:4320-1 advisory notes the SLES15 SP5 kernel update addresses this and o...
CVE-2022-50515 drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in hpdrxirqcreateworkqueue If construction of the array of work queues to handle hpdrxirq offload work fails, we need to unwind. Destroy all the created workqueues and the allocated memory for the...