CVE-2025-38237 media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()

In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimcishwchangemode In fimcishwchangemode, the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent...

CVE-2025-38237

CVE-2025-38237 pertains to the Linux kernel, specifically the media: platform: exynos4-is code path. The issue arises in fimc_is_hw_change_mode(), where camera mode changes occur without waiting for hardware completion, risking data corruption or system hangs if subsequent operations race with ha...

Azure File Sync Agent v21.2 Release – July 2025

Azure File Sync Agent v21.2 Release – July 2025 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v21.2 release that is dated July 2025. Additionally, this article contains installation instructions for this release. Improvements and issues that are...

PT-2025-33776

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free UAF vulnerability in the f2fs sync inode meta function. This issue was identified by syzkaller and results from improper handling of memory,...

Microsoft Outlook - Remote Code Execution (RCE)

Titles: Microsoft Outlook - Remote Code Execution RCE Author: nu11secur1ty Date: 07/06/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/microsoft-365/outlook/log-in Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176...

SUSE CVE-2025-38114

In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancelworksync to avoid deadlock Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...

SUSE CVE-2025-38119

In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcderrhandlingprepare calls ufshcdrpmgetsync. The latter function can only succeed if UFSHCDEHINPROGRESS is not set because resuming involves submitting a SCSI command and...

SUSE CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

CLSA-2025-1751538844 libgcrypt: Fix of CVE-2024-2236

Synced to upstream plus ASN.1 patch - Tested on AlmaLinux 9.5 - Fix CVE-2024-2236 RHEL-34579...

AZL-64505 CVE-2025-38105 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned...

UBUNTU-CVE-2025-38114

In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancelworksync to avoid deadlock Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...

UBUNTU-CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

CVE-2025-38128

Technical details on CVE-2025-38128 are not publicly provided in the connected documents. The advisories reference the vulnerability at a high level but do not expand on affected products, versions, root cause, exploit details, or fixes within this dataset. Monitor for updates.

CVE-2025-38128 Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from Bluetooth MGMT not validating the length of the HCICMDSYNC parameter, which could result in an out-of-bounds...

PT-2025-27700

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A deadlock issue has been identified in the Linux kernel, specifically in the e1000 driver. The problem occurs when e1000 down calls cancel work sync for the e1000 reset task, which ca...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly sequenced call to cancelworksync in the e1000 driver, which could result in a deadlock...

CVE-2025-34066

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...

CVE-2025-5936

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...