68 matches found
CVE-2025-39688
In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SCSTATUSFREEABLE when searching via nfs4lookupstateid The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to...
CVE-2025-38104
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLB...
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Impact wallabag versions prior to 2.6.11 were discovered to contain multiple Cross-Site Request Forgery CSRF vulnerabilities across several endpoints. An attacker could craft a malicious link or page that, if visited by a logged-in wallabag user, could trick the user's browser into performing...
CVE-2025-21694 affecting package kernel for versions less than 6.6.76.1-1
CVE-2025-21694 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-21863
CVE-2025-21863 — Linux kernel io_uring opcode speculation : The vulnerability arises from the io_uring path where sqe->opcode is used for different tables, allowing speculative execution issues. The fix sanitises sqe->opcode to prevent speculation. Affected product: Linux kernel with io_uri...
CVE-2025-21863 io_uring: prevent opcode speculation
In the Linux kernel, the following vulnerability has been resolved: iouring: prevent opcode speculation sqe-opcode is used for different tables, make sure we santitise it against speculations...
CVE-2025-21836 io_uring/kbuf: reallocate buf lists on upgrade
In the Linux kernel, the following vulnerability has been resolved: iouring/kbuf: reallocate buf lists on upgrade IORINGREGISTERPBUFRING can reuse an old struct iobufferlist if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field shoul...
CVE-2025-21837
Removed by vendor...
CVE-2022-49443 list: fix a data-race around ep->rdllist
In the Linux kernel, the following vulnerability has been resolved: list: fix a data-race around ep-rdllist eppoll first calls epeventsavailable with no lock held and checks if ep-rdllist is empty by listemptycareful, which reads rdllist-prev. Thus all accesses to it need some protection to avoid...
GLSA-202501-07 : libgsf: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202501-07 libgsf: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in libgsf. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly fro...
CVE-2024-57902
In the Linux kernel, the following vulnerability has been resolved: afpacket: fix vlangettci vs MSGPEEK Blamed commit forgot MSGPEEK case, allowing a crash 1 as found by syzbot. Rework vlangettci to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier...
CVE-2024-57886
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damontarget objects leaks on damoncommittargets Patch series "mm/damon/core: fix memory leaks and ignored inputs from damoncommitctx". Due to two bugs in damoncommittargets and damoncommitschemes, which are...
CVE-2024-57887
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533attachdsi The hostnode pointer was assigned and freed in adv7533parsedt, and later, adv7533attachdsi uses the same. Fix this use-after-free issue by dropping ofnodeput in adv7533parsedt...
CVE-2024-56784
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption Why & How Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound...
CVE-2024-56770
In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of netem, 'qlen' only...
CVE-2024-56763
In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracingcpumaskwrite If a large count is provided, it will trigger a warning in bitmapparseuser. Also check zero for it...
CVE-2024-56761
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH CPs An indirect branch instruction sets the CPU indirect branch tracker IBT into WAITFORENDBRANCH WFE state and WFE stays asserted across the instruction boundary. When the decoder finds a...
CVE-2024-56759
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfscowblock, and we have the tracepoint tracebtrfscowblock enabled and preemption is also enabled CONFIGPREEMPT=y, we can...
CVE-2024-53157
In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfsinfo.oppcount may be zero on some platforms during the reboot...
OPENSUSE-SU-2024:11787-1 libsphinxclient-0_0_1-2.2.11-6.1 on GA media
These are all security issues fixed in the libsphinxclient-001-2.2.11-6.1 package on the GA media of openSUSE Tumbleweed...