Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991185)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991185 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xxsendabortall, the nelem field of the ccb...

CVE-2025-63737

Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

Exploit for Improper Access Control in Shirt-Pocket Superduper\!

CVE-2025-61229 Description From the developer's blog:...

CVE-2022-50661

A memory leak flaw was found in the Linux kernel's seccomp subsystem. When a process using seccomp filters is interrupted by a fatal signal during clone, the seccompfilter structure and associated BPF program memory are not properly freed. This occurs because copyseccomp is called before the...

SUSE CVE-2022-50671

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...

📄 Xorcom CompletePBX 5.2.35 Remote Code Execution

Xorcom CompletePBX suffers from an authenticated command injection vulnerability within the Task Scheduler subsystem. An attacker with valid superadmin credentials can create a scheduled task containing unsanitized parameters that get executed by the backend, resulting in remote command execution...

Linux Distros Unpatched Vulnerability : CVE-2022-50661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - seccomp: Move copyseccomp to no failure path. Our syzbot instance reported memory leaks in doseccomp 0, similar to the report 1. It shows that we miss freeing...

EUVD-2023-60146

In the Linux kernel, the following vulnerability has been resolved: iavf: use internal state to free traffic IRQs If the system tries to close the netdev while iavfresettask is running, LINKSTATESTART will be cleared and netifrunning will return false in iavfreinitinterruptscheme. This will resul...

CVE-2025-63737

Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

CVE-2025-63737

Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

CVE-2022-50671

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...

UBUNTU-CVE-2022-50671

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...

CVE-2023-53850

CVE-2023-53850: Linux kernel iavf driver vulnerability where closing netdev during iavf_reset_task() could clear __LINK_STATE_START and trigger a leak in irq management; the issue is mitigated by using the internal adapter state so that traffic IRQs remain managed. The advisory notes that traffic...

CVE-2022-50671 RDMA/rxe: Fix "kernel NULL pointer dereference" error

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...

CVE-2022-50671

CVE-2022-50671 : In the Linux kernel, the RDMA/rxe path had a NULL pointer dereference during rxe_queue_init failure. Specifically, when rxe_qp_init_req fails, qp->req.task.func and qp->req.task.arg may remain uninitialized. If qp creation subsequently fails, rxe_create_qp invokes rxe_qp_do...

CVE-2022-50671 RDMA/rxe: Fix "kernel NULL pointer dereference" error

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix "kernel NULL pointer dereference" error When rxequeueinit in the function rxeqpinitreq fails, both qp-req.task.func and qp-req.task.arg are not initialized. Because of creation of qp fails, the function rxecreateqp...

CVE-2022-50661

In the Linux kernel, the following vulnerability has been resolved: seccomp: Move copyseccomp to no failure path. Our syzbot instance reported memory leaks in doseccomp 0, similar to the report 1. It shows that we miss freeing struct seccompfilter and some objects included in it. We can reproduce...

CVE-2025-63737

Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

CVE-2025-63737

Cross-site scripting XSS vulnerability in function urltestAction in file cliAction.php in Xinhu Rainrock RockOA 2.7.0 allows remote attackers to inject arbitrary web script or HTML via the m parameter to the task.php endpoint...

PT-2025-49702

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to RDMA/rxe functionality. Specifically, a potential NULL pointer dereference can occur within the rxe qp init req function when rxe queue init...