2674 matches found
UBUNTU-CVE-2022-49330
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But...
UBUNTU-CVE-2022-49407
In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read()...
UBUNTU-CVE-2022-49420
In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add...
UBUNTU-CVE-2022-49596
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_min_snd_mss. While reading sysctl_tcp_min_snd_mss, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...
DEBIAN-CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
UBUNTU-CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible crash when the mt76 driver receives CTS packets in monitor mode...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a use-after-free issue in hci_send_acl in the Bluetooth driver...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from tcp not properly handling tp->snd_cwnd access and settings...
The vulnerability of the NFC component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the NFC component in the Linux operating system’s kernel is related to the assignment of the NULL pointer in the send_acknowledge function. Exploiting this vulnerability can allow an attacker to trigger a service failure...
PT-2025-14328
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a type confusion vulnerability via a race condition when using ipc_msg_send_request in the ksmbd component. This occurs because req->handle is allocated using ksmb...
kernel: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt later to push an Ethernet header. U...
PT-2025-8872
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the ndisc_send_skb function, which can be called without RTNL or RCU held, potentially leading to a...
PT-2025-2208 · Social · Socialv
Name of the Vulnerable Software and Affected Versions: SocialV - Social Network and Community BuddyPress Theme versions up to, and including, 2.0.15 Description: The issue is related to unauthorized access of data due to a missing capability check on the socialv_send_download_file function. This...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ovs_vport_send function not properly checking that the device is in a running state when the device is...
OESA-2025-1078 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS Request...
CVE-2025-0581
A vulnerability classified as problematic has been found in CampCodes School Management Software 1.0. This affects an unknown part of the file /chat/group/send of the component Chat History. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the...
Campcodes School Management Software code injection vulnerability
Campcodes School Management Software is a school management software from Campcodes, Inc. A code injection vulnerability exists in version 1.0 of CampCodes School Management Software, which stems from a cross-site scripting attack in the parameter message in the file /chat/group/send in the...
Malicious code in openssl-node (npm)
This package executes a post-install script to collect system data and sends it to a remote server. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06f19e257e800106253b9b27f14e1caac48d65284d85d47aa244d8aa9bfc97a8 Any computer that has this package installed or runni...
AZL-57534 CVE-2025-21635 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...