4537 matches found
DEBIAN-CVE-2023-53380
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
CVE-2023-53380 md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null-ptr-deref of mreplace in raid10syncrequest There are two check of 'mreplace' in raid10syncrequest. In the first check, 'needreplace' will be set and 'mreplace' will be used later if no-Faulty 'mreplace' exists...
GO-2025-3939 secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller
secrets-store-sync-controller discloses service account tokens in logs in sigs.k8s.io/secrets-store-sync-controller...
CVE-2025-9891
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...
CVE-2025-9891 User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...
CVE-2025-9891
The CVE-2025-9891 entry concerns the WordPress plugin User Sync – Remote User Sync . It is vulnerable to Cross-Site Forgery (CSRF) in all versions up to and including 1.0.2 due to missing or incorrect nonce validation in the function mo_user_sync_form_handler(). This enables unauthenticated attac...
Linux Distros Unpatched Vulnerability : CVE-2025-39832
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated...
WordPress plugin User Sync – Remote User Sync 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
Linux Distros Unpatched Vulnerability : CVE-2023-53219
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching, netupunidvbdmafini uses deltimer to stop dma-timeout timer. But when...
SUSE CVE-2025-39832
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...
WordPress User Sync – Remote User Sync plugin <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation vulnerability
Cross-Site Request Forgery to Plugin Deactivation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin User Sync versions = 1.0.2...
DEBIAN-CVE-2025-39832
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...
CVE-2025-39832
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...
AZL-67407 CVE-2025-39832 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...
UBUNTU-CVE-2025-39832
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...
CVE-2025-39832 net/mlx5: Fix lockdep assertion on sync reset unload event
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix lockdep assertion on sync reset unload event Fix lockdep assertion triggered during sync reset unload event. When the sync reset flow is initiated using the devlink reload fwactivate option, the PF already holds the...
CVE-2025-39832
CVE-2025-39832 concerns the Linux kernel’s mlx5 driver. The issue is a lockdep assertion triggered during the sync reset unload path, specifically when a sync reset flow is started via the devlink reload fw_activate option. The PF holds the devlink lock while handling the unload event, and the fi...