Microsoft Outlook - Remote Code Execution (RCE)

Titles: Microsoft Outlook - Remote Code Execution RCE Author: nu11secur1ty Date: 07/06/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/microsoft-365/outlook/log-in Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47176...

SUSE CVE-2025-38114

In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancelworksync to avoid deadlock Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...

SUSE CVE-2025-38119

In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcderrhandlingprepare calls ufshcdrpmgetsync. The latter function can only succeed if UFSHCDEHINPROGRESS is not set because resuming involves submitting a SCSI command and...

SUSE CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

CLSA-2025-1751538844 libgcrypt: Fix of CVE-2024-2236

Synced to upstream plus ASN.1 patch - Tested on AlmaLinux 9.5 - Fix CVE-2024-2236 RHEL-34579...

AZL-64505 CVE-2025-38105 affecting package kernel for versions less than 6.6.112.1-1

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active state while the assigned...

UBUNTU-CVE-2025-38128

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

UBUNTU-CVE-2025-38114

In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancelworksync to avoid deadlock Previously, e1000down called cancelworksync for the e1000 reset task via e1000downandstop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...

CVE-2025-38128

Technical details on CVE-2025-38128 are not publicly provided in the connected documents. The advisories reference the vulnerability at a high level but do not expand on affected products, versions, root cause, exploit details, or fixes within this dataset. Monitor for updates.

CVE-2025-38128 Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCICMDSYNC commands In 'mgmthcicmdsync', check whether the size of parameters passed in 'struct mgmtcphcicmdsync' matches the total size of the data i.e. 'sizeofstruct mgmtcphcicmdsync' plus...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from Bluetooth MGMT not validating the length of the HCICMDSYNC parameter, which could result in an out-of-bounds...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly sequenced call to cancelworksync in the e1000 driver, which could result in a deadlock...

PT-2025-27700

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A deadlock issue has been identified in the Linux kernel, specifically in the e1000 driver. The problem occurs when e1000 down calls cancel work sync for the e1000 reset task, which ca...

CVE-2025-34066

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle MITM attacks...

CVE-2025-5936

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936

CVE-2025-5936 documents a Cross-Site Forgery vulnerability in the WordPress VR Calendar plugin. Affected versions are all up to and including 2.4.7, where missing or incorrect nonce validation in the syncCalendar() function allows unauthenticated attackers to trigger a calendar sync via a forged ...

CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

CVE-2025-5936 VR Calendar <= 2.4.7 - Cross-Site Request Forgery to Calendar Sync

The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.7. This is due to missing or incorrect nonce validation on the syncCalendar function. This makes it possible for unauthenticated attackers to trigger a calendar sync via a...

kernel: tipc: fix use-after-free Read in tipc_named_reinit

A vulnerability was found in the Linux kernel's Transparent Inter-Process Communication TIPC subsystem, allowing a use-after-free condition during the cleanup process. This issue arises when the kernel's work queue mechanism does not properly synchronize the destruction of TIPC namespaces with th...