Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989610)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989610 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hcisyncconncompleteevt This event is just specified for SCO and...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989127)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989127 advisory. In the Linux kernel, the following vulnerability has been resolved: atm: nicstar: Fix possible use-after-free in nicstarcleanup This module's remove path calls...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989206)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989206 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTLDSPSYNC There is a small race window at sndpcmosssync that is...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989298)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989298 advisory. In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling deltimersync This driver's remove path calls...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989320)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989320 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciqca: Use deltimersync before freeing While looking at a crash report on a timer lis...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989755 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADFDEVRESETSYNC memory leak Using completiondone to determine whether the calle...

PT-2025-53014

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel’s Panthor DRM driver contains a use-after-free issue. The panthor fw unplug function frees firmware memory sections, but pending firmware events may still be processing ...

net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC

...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Another leak in the submit error path has been fixed. putunusedfd does not free the allocated file if we have already performed fdinstall. Therefore, we also need to free the syncfile. Patchwork:...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevents recovery work from being queued during device removal. Use disableworksync instead of cancelworksync in ivpudevfini to ensure that no new recovery work items can be queued after device removal has started...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the lockdep assertion that occurred during the sync reset unload event. The lockdep assertion was triggered during the sync reset unload event. When the sync reset flow is initiated using the devlink reload...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/smc: fixed an issue where a NULL pointer was dereferenced in smcibissgneedsync BUG: NULL pointer dereferencing in the kernel, address: 00000000000002ec PGD 0 P4D 0 Oops: 0000 1 SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kworker/28...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net:kcm: A race condition was fixed in kcmunattach. syzbot identified a race condition when kcmunattachpsock and kcmreleasekcm are executed simultaneously. The kcmunattach function lacks a check for the kcm-txstopped flag before...

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

EUVD-2025-37289

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVE-2025-64118

The CVE-2025-64118 issue affects node-tar (Tar for Node.js). In version 7.5.1, reading tar entries with .t/.list using { sync: true } can return uninitialized memory if the tar file is changed on disk to a smaller size during read. This memory contents exposure is fixed in version 7.5.2. The vuln...