kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugepmdunshare vs GUP-fast race hugepmdunshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...

Bluetooth: hci_conn: Use disable_delayed_work_sync

...

Linux Distros Unpatched Vulnerability : CVE-2020-10185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside...

PT-2025-46753

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to file system quotas. A kernel panic can occur when the panic on warn setting is enabled, specifically during writeback operations triggered by ...

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We...

CLSA-2025-1756409662 xorg-x11-server: Fix of 8 CVEs

CVE-2025-26594: refuse to free the root cursor and keep its ref - CVE-2025-26595: fix buffer overflow in XkbVModMaskText - CVE-2025-26596: xkb: fix computation of XkbSizeKeySyms - CVE-2025-26597: xkb: fix buffer overflow in XkbChangeTypesOfKey - CVE-2025-26598: Xi: Fix barrier device search -...

CLSA-2025-1756408410 xorg-x11-server: Fix of 8 CVEs

CVE-2025-26594: refuse to free the root cursor and keep its ref - CVE-2025-26595: fix buffer overflow in XkbVModMaskText - CVE-2025-26596: xkb: fix computation of XkbSizeKeySyms - CVE-2025-26597: xkb: fix buffer overflow in XkbChangeTypesOfKey - CVE-2025-26598: Xi: Fix barrier device search -...

CVE-2025-50986

diskover-web v2.3.0 Community Edition suffers from multiple stored cross-site scripting XSS vulnerabilities in its administrative settings interface. Various configuration fields such as ESHOST, ESINDEXREFRESH, ESPORT, ESSCROLLSIZE, ESTRANSLOGSIZE, ESTRANSLOGSYNCINT, EXCLUDESFILES, FILETYPES,...

Linux Distros Unpatched Vulnerability : CVE-2020-8227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicat...

PT-2025-37977

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lockdep assertion issue was resolved in the net/mlx5 component of the Linux kernel. The issue occurred during a sync reset unload event when the PF already held the devlink lock while...

AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +424 more potentially affected by unknown CVE via xcb (>=0.10.1 <=1.2.2)

xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-655H-HG88-5QMF...

AZL-66513 CVE-2025-38593 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...

CVE-2025-38593

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...

DEBIAN-CVE-2025-38574

In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptpxmit Commit aabc6596ffb3 "net: ppp: Add bound checking for skb data on pppsynctxmung" fixed pppsynctxmunge We need a similar fix in pptpxmit, otherwise we might read uninit data as reported ...

AZL-66521 CVE-2025-38578 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fssyncinodemeta syzbot reported an UAF issue as below: 1 2 1 https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG:...

CVE-2025-38593 Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()'

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix double free in 'hcidiscoveryfilterclear' Function 'hcidiscoveryfilterclear' frees 'uuids' array and then sets it to NULL. There is a tiny chance of the following race: 'hcicmdsyncwork'...

CVE-2025-49047

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in keeross DigitalOcean Spaces Sync do-spaces-sync allows Stored XSS.This issue affects DigitalOcean Spaces Sync: from n/a through = 2.2.1...

CVE-2025-38538 dmaengine: nbpfaxi: Fix memory corruption in probe()

In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe The nbpf-chan array is allocated earlier in the nbpfprobe function and it has "numchannels" elements. These three loops iterate one element farther than they should and corrupt...

Security Updates for Azure File Sync Agent (August 2025)

The Microsoft Azure File Sync Agent running on the remote host is prior to 18.3, 19.x prior to 19.2, 20.x prior to 20.1, or 21.x prior to 21.1. It is, therefore affected by an elevation of privilege vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the...