CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...

sglang 代码问题漏洞

SGLang is a programming language and runtime system developed by SGL-project, aimed at accelerating large model inference. SGLang has code vulnerabilities; one of these vulnerabilities stems from the fact that the ROUTER socket, which handles multi-modal generation during runtime scheduling, is...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21792)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21792 advisory. - In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by settin...

SUSE-SU-2025:20953-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_10

This update for kernel-livepatch-MICRO-6-0-RTUpdate10 fixes the following issues: - CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 - CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207 - CVE-2025-38617: net/packet: fix a race in packetsetri...

Security update for kernel-livepatch-MICRO-6-0_Update_6

This update for kernel-livepatch-MICRO-6-0Update6 fixes the following issues: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207 CVE-2025-38617: net/packet: fix a race in packetsetring and...

SUSE-SU-2025:20974-1 Security update for kernel-livepatch-MICRO-6-0_Update_6

This update for kernel-livepatch-MICRO-6-0Update6 fixes the following issues: - CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 - CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207 - CVE-2025-38617: net/packet: fix a race in packetsetring a...

SUSE-SU-2025:20943-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_7

This update for kernel-livepatch-MICRO-6-0-RTUpdate7 fixes the following issues: - CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631 - CVE-2025-38618: vsock: Do not allow binding to VMADDRPORTANY bsc1249207 - CVE-2025-38617: net/packet: fix a race in packetsetrin...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988813)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988813 advisory. In the Linux kernel, the following vulnerability has been resolved: can: afcan: fix NULL pointer dereference in canrxregister It causes NULL pointer dereference when...

Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506002338 fixes several issues. The following security issues were fixed: CVE-2025-38664: ice: Fix a null pointer dereference in icecopyandinitpkg bsc1248631. CVE-2025-38617: net/packet: fix a race in packetsetring and packetnotifier bsc1249208...

Siemens SIMATIC Devices Improper Input Validation (CVE-2025-21756)

vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind and those implicitly bound through autobind during connect. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

EUVD-2025-5169

Malicious code in bioql PyPI...

EUVD-2022-55252

Malicious code in bioql PyPI...

SUSE SLES15 Security Update : kernel RT (Live Patch 2 for SLE 15 SP6) (SUSE-SU-2025:03315-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03315-1 advisory. This update for the Linux Kernel 6.4.0-150600108 fixes several issues. The following security issues were fixed: - CVE-2024-49860: ACPI: sysfs...

Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP6)

This update for the Linux Kernel 6.4.0-1506001017 fixes several issues. The following security issues were fixed: CVE-2025-38177: schhfsc: make hfscqlennotify idempotent bsc1246356. CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685. CVE-2025-38181: calipso: Fix...

Security update for kernel-livepatch-MICRO-6-0-RT_Update_6

This update for kernel-livepatch-MICRO-6-0-RTUpdate6 fixes the following issues: CVE-2025-38177: kernel: schhfsc: make hfscqlennotify idempotent bsc1246356 CVE-2025-38109: net/mlx5: fix ECVF vports unload on shutdown flow bsc1245685 CVE-2025-38181: calipso: fix null-ptr-deref in...

PT-2025-37850

Name of the Vulnerable Software and Affected Versions: macOS Tahoe version 26 macOS Sequoia versions 15.7 macOS Sonoma version 14.8 tvOS version 26 visionOS version 26 watchOS version 26 iOS versions prior to 18.7 iPadOS versions prior to 18.7 Description: A logic issue was addressed with improve...

SUSE CVE-2025-38618

In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDRPORTANY It is possible for a vsock to autobind to VMADDRPORTANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept also has port...

SUSE CVE-2022-49972

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix corrupted packets for XDPSHAREDUMEM Fix an issue in XDPSHAREDUMEM mode together with aligned mode where packets are corrupted for the second and any further sockets bound to the same umem. In other words, this does not...

CVE-2022-49972

In CVE-2022-49972, the Linux kernel vulnerability concerns XDP_SHARED_UMEM mode (with aligned mode) where packets become corrupted for the second and subsequent sockets bound to the same umem; the first socket is unaffected. The root cause was that DMA addresses for the pre-populated xsk buffer p...