4534 matches found
CVE-2025-40001
In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue. During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work() in mvs_free() to cancel the delayed work item mwq->work_q. However, if mwq->work_q is...
CVE-2025-34515
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
EUVD-2025-34804
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34515 Ilevia EVE X1 Server 4.7.18.0.eden Root Privilege Escalation
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-34515
Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in syncproject.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to...
CVE-2025-39982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync. This fixes the following UAF in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) may be freed, also since this also can happen wi...
Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
...
CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.1 security update
Important: Red Hat OpenShift GitOps v1.18.1 security update. An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-7606 ApplicationSet: Bitbucket SCM/PR generator leaks HTTP connections; GITOPS-7953 Default resource exclusions list not updated in ArgoCD CR...
EUVD-2025-34590
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync. This fixes the following UAF in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) may be freed, also since this also can happen wi...
EUVD-2025-34606
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors. fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd t...
AZL-68510 CVE-2025-39994 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release. The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sleep has fully completed if it was already running. Th...
CVE-2025-39982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync. This fixes the following UAF in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) may be freed, also since this also can happen wi...
UBUNTU-CVE-2025-39982
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync. This fixes the following UAF in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) may be freed, also since this also can happen wi...
CVE-2025-39994 media: tuner: xc5000: Fix use-after-free in xc5000_release
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release. The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sleep has fully completed if it was already running. Th...
CVE-2025-39982
CVE-2025-39982 is a Linux kernel Bluetooth (hci_event) UAF in hci_acl_create_conn_sync. The initial CVE description confirms a use-after-free in hci_acl_create_conn_sync that can occur while a pending connection is being submitted (conn->state == BT_OPEN) and is similarly implicated for hci_le...
CVE-2025-39982 Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync. This fixes the following UAF in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) may be freed, also since this also can happen wi...
CVE-2025-39966
CVE-2025-39966 (Linux kernel, iommufd): A race during abort for file descriptors could cause a use-after-free when the object is freed while a file's private_data references it. The bug arises because fput() defers release() to a workqueue; ifAbort allocation fails before installing the file, th...
CVE-2023-7304
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...
CVE-2023-7304 Ruijie RG-UAC nmc_sync.php Command Injection
Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the...