
2510 matches found

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991176 advisory. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs. _Read/Write_MACREG callbacks are NULL so the...

CVSS 7.8 | AI score 6.1 | EPSS 0.00209
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/11 12:0 a.m. | 3 views

EulerOS 2.0 SP13 : openssl (EulerOS-SA-2025-2506)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

CVSS 7.5 | AI score 6.5 | EPSS 0.01744
Exploits: 0 | References: 2

Cvelist
added 2025/12/10 9:59 p.m. | 31 views

CVE-2025-66474 XWiki vulnerable to remote code execution through insufficient protection against {{/html}} injection

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against {{/html}} injection, which...

CVSS 8.7 | EPSS 0.0086
Exploits: 1 | References: 7

RedhatCVE
added 2025/12/10 11:33 a.m. | 13 views

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVSS 8.4 | AI score 6.5 | EPSS 0.00135
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/10 8:34 a.m. | 5 views

CVE-2023-53795

In the Linux kernel, the following vulnerability has been resolved: iommufd: IOMMUFD_DESTROY should not increase the refcount. syzkaller found a race where IOMMUFD_DESTROY increments the refcount: obj = iommufd_get_object(ucmd->ictx, cmd->id, IOMMUFD_OBJ_ANY); if (IS_ERR(obj)) return PTR_ERR(obj);...

CVSS 5.8 | AI score 5.2 | EPSS 0.00155
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/09 11:41 p.m. | 4 views

CVE-2025-61809 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation o...

CVSS 9.1 | AI score 6.2 | EPSS 0.00564
Exploits: 0 | References: 1

EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2023-60161

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AI score 5.5
Exploits: 0 | References: 6

Vulnrichment
added 2025/12/09 10:44 a.m. | 3 views

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVSS 8.4 | AI score 6.2 | EPSS 0.00135
Exploits: 0 | References: 1

Cvelist
added 2025/12/09 1:29 a.m. | 31 views

CVE-2023-53839 dccp: fix data-race around dp->dccps_mss_cache

In the Linux kernel, the following vulnerability has been resolved: dccp: fix data-race around dp->dccps_mss_cache. dccp_sendmsg() reads dp->dccps_mss_cache before locking the socket. Same thing in do_dccp_getsockopt(). Add READ_ONCE()/WRITE_ONCE() annotations, and change dccp_sendmsg() to check again dccps_mss_cache aft...

EPSS 0.00216
Exploits: 0 | References: 8

CVE
added 2025/12/09 1:29 a.m. | 15 views

CVE-2023-53839

The CVE-2023-53839 entry concerns a data race in the Linux kernel's DCCP path. Specifically, dccp_sendmsg() and do_dccp_getsockopt() read dp->dccps_mss_cache before acquiring the socket lock, allowing a race with concurrent updates. The fix adds READ_ONCE()/WRITE_ONCE() annotations and modifie...

AI score 6.1 | EPSS 0.00216
Exploits: 0 | References: 8

CVE
added 2025/12/09 1:29 a.m. | 19 views

CVE-2023-53835

The CVE-2023-53835 entry concerns the Linux kernel ext4 filesystem: when remounting from read-only to read/write, SB_RDONLY can be cleared before quota is initialized, potentially triggering a WARN_ON_ONCE(dquot_initialize_needed(inode)) in ext4_xattr_block_set(). The issue is documented with a d...

AI score 6.6
Exploits: 0

Cvelist
added 2025/12/09 1:29 a.m. | 42 views

CVE-2023-53835

...

Exploits: 0

Debian CVE
added 2025/12/09 1:29 a.m. | 4 views

CVE-2023-53835

Removed by vendor...

AI score 7
Exploits: 0

Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-49839

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the file transfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVSS 8.4 | AI score 6.5 | EPSS 0.00135
Exploits: 0 | References: 1

Tenable Nessus
added 2025/12/09 12:0 a.m. | 8 views

Amazon Linux 2023 : cups-filters, cups-filters-devel, cups-filters-libs (ALAS2023-2025-1291)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1291 advisory. CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data form...

CVSS 5.5 | AI score 6.3 | EPSS 0.00412
Exploits: 3 | References: 8

RedhatCVE
added 2025/12/08 3:1 p.m. | 4 views

CVE-2025-13639

Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...

CVSS 8.1 | AI score 6.2 | EPSS 0.00221
Exploits: 0 | References: 5

Debian CVE
added 2025/12/08 1:19 a.m. | 5 views

CVE-2023-53759

In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix data race on device refcount. The hidraw_open() function increments the hidraw device reference counter. The counter has no dedicated synchronization mechanism, resulting in a potential data race when concurrently...

AI score 5.1 | EPSS 0.00156
Exploits: 0

Debian CVE
added 2025/12/08 12:46 a.m. | 4 views

CVE-2025-40302

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: forbid remove_bufs when legacy fileio is active. vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Forbid that ioctl when...

AI score 5.3 | EPSS 0.00155
Exploits: 0

Positive Technologies
added 2025/12/08 12:0 a.m. | 6 views

PT-2025-49489

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A data race exists in the hidraw open function concerning the hidraw device reference counter. This occurs because the reference counter lacks a dedicated synchronization mechanism,...

AI score 5.9 | EPSS 0.00156
Exploits: 0

Tenable Nessus
added 2025/12/08 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-40302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: videobuf2: forbid remove_bufs when legacy fileio is active. vb2_ioctl_remove_bufs() call manipulates queue internal buffer list, potentially overwriting some...

AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 3