Lucene search

4537 matches found

OSV
added 2025/10/01 12:15 p.m. | 0 views

UBUNTU-CVE-2022-50447

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...

CVSS 5.5 | AI score 6.2 | EPSS 0.00013
Exploits: 0 | References: 6

OSV
added 2025/10/01 12:15 p.m. | 2 views

UBUNTU-CVE-2022-50422

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smp_execute_task_sg When executing SMP task failed, the smp_execute_task_sg calls del_timer to delete "slow_task->timer". However, if the timer handler sas_task_internal_timedout is running, the deltim...

CVSS 7.8 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 9

OSV
added 2025/10/01 11:45 a.m. | 2 views

CVE-2022-50447 Bluetooth: hci_conn: Fix crash on hci_create_cis_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix crash on hci_create_cis_sync When attempting to connect multiple ISO sockets without using DEFER_SETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hci_create_cis_sync+0x18b/0x2b0 Read of size...

CVSS 5.5 | AI score 6.5 | EPSS 0.00013
Exploits: 0 | References: 6

CVE
added 2025/10/01 11:41 a.m. | 16 views

CVE-2022-50422

CVE-2022-50422 affects the Linux kernel’s SCSI LIBSAS path. When SMP task execution fails, smp_execute_task_sg() calls del_timer() to remove slow_task->timer, but if sas_task_internal_timedout() is running, the timer isn’t stopped, causing a use-after-free of task->slow_task. The fix is to ...

CVSS 7.8 | AI score 6.2 | EPSS 0.00014
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/10/01 8:15 a.m. | 4 views

CVE-2025-39896

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disable_work_sync instead of cancel_work_sync in ivpu_dev_fini to ensure that no new recovery work items can be queued after device removal has started...

CVSS 7.8 | EPSS 0.00014
Exploits: 0 | References: 3

OSV
added 2025/10/01 8:15 a.m. | 0 views

UBUNTU-CVE-2025-39896

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disable_work_sync instead of cancel_work_sync in ivpu_dev_fini to ensure that no new recovery work items can be queued after device removal has started...

CVSS 7.8 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 6

OSV
added 2025/10/01 7:42 a.m. | 5 views

CVE-2025-39896 accel/ivpu: Prevent recovery work from being queued during device removal

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disable_work_sync instead of cancel_work_sync in ivpu_dev_fini to ensure that no new recovery work items can be queued after device removal has started...

CVSS 7.8 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 6

Positive Technologies
added 2025/10/01 12:0 a.m. | 2 views

PT-2025-40107

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue exists in the libsas component of the Linux kernel, specifically within the smp_execute_task_sg function. This occurs when an SMP task execution fails, and the del...

AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 9

CNNVD
added 2025/10/01 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the presence of a null pointer dereference in the hci_create_cis_sync function, which could lead to a system...

AI score 5.7 | EPSS 0.00013
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/01 12:0 a.m. | 1 views

PT-2025-40132

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.0.0-rc7-02243-gb84a13ff4eda. Description: A crash can occur in the Bluetooth stack when attempting to connect multiple ISO sockets without using DEFER_SETUP. This issue is related to a null-ptr-deref in the hci...

AI score 6.5 | EPSS 0.00013
Exploits: 0 | References: 5

GithubExploit
added 2025/09/30 4:27 a.m. | 206 views

Sync_Breeze_Enterprise_10.0.28_Remote_Buffer_Overflow_Exploit

Sync Breeze Enterprise...

AI score 7.2
Exploits: 0

Fedora
added 2025/09/30 12:20 a.m. | 4 views

[SECURITY] Fedora 43 Update: nextcloud-31.0.9-1.fc43

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS 6.1 | AI score 6.9 | EPSS 0.00029
Exploits: 1

Tenable Nessus
added 2025/09/30 12:0 a.m. | 5 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2025-091 (ALASKERNEL-5.15-2025-091)

The version of kernel installed on the remote host is prior to 5.15.193-133.214. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2025-091 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix KASAN:...

CVSS 7.8 | AI score 6.7 | EPSS 0.00119
Exploits: 1 | References: 35

NVD
added 2025/09/27 7:15 a.m. | 2 views

CVE-2025-9894

The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsfcronjobfunc function. This makes it possible for unauthenticated attackers to trigger content synchronizati...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 2

Cvelist
added 2025/09/27 6:47 a.m. | 6 views

CVE-2025-9894 Sync Feedly <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger

The Sync Feedly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the crsfcronjobfunc function. This makes it possible for unauthenticated attackers to trigger content synchronizati...

CVSS 4.3 | EPSS 0.00014
Exploits: 0 | References: 2

Patchstack
added 2025/09/27 12:57 a.m. | 4 views

WordPress Sync Feedly plugin <= 1.0.1 - Cross-Site Request Forgery to Sync Trigger vulnerability

Cross-Site Request Forgery to Sync Trigger vulnerability discovered by Nabil Irawan in WordPress Plugin Sync Feedly versions <= 1.0.1...

CVSS 4.3 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/09/27 12:0 a.m. | 2 views

WordPress plugin Sync Feedly cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 4.3 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 3

OSV
added 2025/09/25 10:52 a.m. | 1 views

SUSE-SU-2025:20824-1 Security update for curl

This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-10148: Predictable WebSocket mask (bsc#1249348) - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197) - tool_operate: fix return code when --retry is used but not triggere...

CVSS 7.5 | AI score 6.9 | EPSS 0.00275
Exploits: 1 | References: 7

Tenable Nessus
added 2025/09/25 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-39859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach only shuts down the watchdog timer if it is pending. However, if the timer handler ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3

Tenable Nessus
added 2025/09/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses...

CVSS 5.5 | AI score 6.8 | EPSS 0.00023
Exploits: 0 | References: 2