
5550 matches found

Tenable Nessus
added 2025/11/05 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989720)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989720 advisory. In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum...

CVSS 5.5 | AI score 5.8 | EPSS 0.0026
Exploits 0 | References 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 3 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990149)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990149 advisory. In the Linux kernel, the following vulnerability has been resolved: ip_gre: test csum_start instead of transport header GRE with TUNNEL_CSUM will apply local checksum...

CVSS 5.5 | AI score 5.8 | EPSS 0.0026
Exploits 0 | References 4

RedhatCVE
added 2025/11/01 12:4 p.m. | 23 views

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

CVSS 4.5 | AI score 6.2 | EPSS 0.0039
Exploits 0 | References 1

AstraLinux
added 2025/11/01 10:54 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: Commit partial buffers during retries. Ring-provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring handles this by invalidating such buffers during retrie...

CVSS 7.8 | AI score 5.4 | EPSS 0.00151
Exploits 0 | References 3

EUVD
added 2025/10/31 12:30 p.m. | 5 views

EUVD-2025-37343

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

CVSS 4.5 | AI score 5.7 | EPSS 0.0039
Exploits 0 | References 2

OSV
added 2025/10/31 11:15 a.m. | 2 views

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

CVSS 4.5 | AI score 5.8 | EPSS 0.0039
Exploits 0 | References 1

NVD
added 2025/10/31 11:15 a.m. | 4 views

CVE-2025-40603

A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions to view partial users credential data...

CVSS 4.5 | EPSS 0.0039
Exploits 0 | References 1

RedHat Linux
added 2025/10/28 7:18 p.m. | 3 views

django: Potential partial directory-traversal via archive.extract()

A flaw was found in Django. The django.utils.archive.extract function, used by startapp --template and startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory...

CVSS 6.5 | AI score 7.1 | EPSS 0.00863
Exploits 0 | References 4

OSV
added 2025/10/28 12:15 p.m. | 2 views

UBUNTU-CVE-2025-40031

In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper() In register_shm_helper(), fix incorrect error handling for a call to iov_iter_extract_pages(). A case is missing for when iov_iter_extract_pages() only got some pages and return a number larger than 0, but not the...

AI score 5.8 | EPSS 0.00176
Exploits 0 | References 21

Cvelist
added 2025/10/28 11:48 a.m. | 5 views

CVE-2025-40069 drm/msm: Fix obj leak in VM_BIND error path

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix obj leak in VM_BIND error path If we fail a handle-lookup part way thru, we need to drop the already obtained obj references. Patchwork: https://patchwork.freedesktop.org/patch/669784/...

EPSS 0.00154
Exploits 0 | References 2

CVE
added 2025/10/28 11:48 a.m. | 11 views

CVE-2025-40031

CVE-2025-40031 affects the Linux kernel where in tee, register_shm_helper() was fixed to correct error handling for iov_iter_extract_pages. The bug could trigger a NULL pointer dereference after a bad input from ioctl(TEE_IOC_SHM_REGISTER) when parts of the buffer aren’t mapped, due to a missing ...

AI score 6.2 | EPSS 0.00176
Exploits 0 | References 3

Cvelist
added 2025/10/28 11:48 a.m. | 7 views

CVE-2025-40031 tee: fix register_shm_helper()

In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper() In register_shm_helper(), fix incorrect error handling for a call to iov_iter_extract_pages(). A case is missing for when iov_iter_extract_pages() only got some pages and return a number larger than 0, but not the...

EPSS 0.00176
Exploits 0 | References 3

EUVD
added 2025/10/28 11:48 a.m. | 4 views

EUVD-2025-36497

In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper() In register_shm_helper(), fix incorrect error handling for a call to iov_iter_extract_pages(). A case is missing for when iov_iter_extract_pages() only got some pages and return a number larger than 0, but not the...

AI score 6 | EPSS 0.00176
Exploits 0 | References 4

OSV
added 2025/10/28 11:48 a.m. | 3 views

CVE-2025-40031 tee: fix register_shm_helper()

In the Linux kernel, the following vulnerability has been resolved: tee: fix register_shm_helper() In register_shm_helper(), fix incorrect error handling for a call to iov_iter_extract_pages(). A case is missing for when iov_iter_extract_pages() only got some pages and return a number larger than 0, but not the...

AI score 6.5 | EPSS 0.00176
Exploits 0 | References 6

Tenable Nessus
added 2025/10/27 12:0 a.m. | 6 views

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-33847)

f2fs: compress: Released compress inode f2fs image may be corrupted. The reason is partial truncation assume compressed inode has reserved blocks, after partial truncation, valid block count may change w/o .i_blocks and .total_valid_block_count update, resulting in corruption. This plugin only works...

CVSS 5.5 | AI score 6.8 | EPSS 0.00225
Exploits 0 | References 2

Tenable Nessus
added 2025/10/27 12:0 a.m. | 2 views

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Initialization (CVE-2024-50015)

ext4: dax: Overflowing extents beyond inode size when partially writing. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503434; scriptversion"1.3...

CVSS 5.5 | AI score 6.7 | EPSS 0.00232
Exploits 0 | References 5

EUVD
added 2025/10/24 11:25 a.m. | 3 views

EUVD-2025-35833

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4. This is due to insufficient validation on the URLs supplied via the URL parameter...

CVSS 7.5 | AI score 5.6 | EPSS 0.0035
Exploits 0 | References 6

OSV
added 2025/10/24 10:15 a.m. | 3 views

CVE-2025-5605

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

CVSS 5.3 | AI score 6.6
Exploits 0 | References 1

Vulnrichment
added 2025/10/24 10:9 a.m. | 10 views

CVE-2025-5605 Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure

An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting in partial information disclosure. The known...

CVSS 4.3 | AI score 6.4 | EPSS 0.00811
Exploits 0 | References 1

CVE
added 2025/10/24 10:9 a.m. | 22 views

CVE-2025-5605

CVE-2025-5605 describes an authentication bypass in the Management Console of multiple WSO2 products. A malicious actor who has console access can manipulate the request URI to bypass authentication and access restricted resources, resulting in partial information disclosure. The known exposure i...

CVSS 5.3 | AI score 6.4 | EPSS 0.00811
In wild | Exploits 0 | References 1 | Affected Software 9