7456 matches found
USN-7887-1 linux-raspi-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: i40e: fix idx validation in config queues msg
A flaw was found in the Linux kernel in the Intel i40e network driver such that in the function i40evcconfigqueuesmsg, when iterating over vf-chidx, the idx value is not properly validated against the range of active/initialized traffic classes TCs. An attacker with local privileges could supply ...
kernel: i40e: add validation for ring_len param
A flaw was identified in the Intel “i40e” Ethernet driver in the Linux Kernel where the ringlen parameter supplied by a VF virtual function is passed unchecked to the hardware memory context. If a malicious Virtual function provides a too-large or misaligned ringlen, it may allow the device to...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
RHEL 8 : kernel (RHSA-2025:21917)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21917 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: NFS: Fix a race when updating...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: NFS: Fix a race when updating an existing write CVE-2025-39697 kernel: i40e: fix idx validation in config queues msg CVE-2025-3997...
ALSA-2025:21917 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: NFS: Fix a race when updating an existing write CVE-2025-39697 kernel: i40e: fix idx validation in config queues msg CVE-2025-39971 For more details about the security issues, including t...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
TencentOS Server 4: kernel (TSSA-2025:0347)
"The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0347 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilitie...
TencentOS Server 4: kernel (TSSA-2025:0437)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0437 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
mptcp: do not queue data on closed subflows
...
python-kdcproxy: Remote DoS via unbounded TCP upstream buffering
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...
CVE-2025-12349
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
CVE-2025-12349 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...
CVE-2025-12349
CVE-2025-12349 concerns the WordPress plugin Icegram Express – Email Subscribers, Newsletters and Marketing Automation . The vulnerability is a missing authorization check in the function trigger_mailing_queue_sending , allowing unauthenticated actors to force immediate email sending, bypass the ...
Bluetooth: When HCI work queue is drained, only queue chained work
...
PT-2025-47426
The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the trigger mailing queue...