6029 matches found

OSV
added 2025/07/10 5:15 p.m. | 5 views

CVE-2025-47811

In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...

6.6 CVSS | 6.1 AI score | 0.95343 EPSS
Exploits: 23 | References: 2

OSV
added 2025/07/10 8:15 a.m. | 6 views

AZL-65019 CVE-2025-38311 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock. Get rid of the crit lock. That frees us from the error prone logic of trylocks. Thanks to netdev_lock by Jakub it is now easy, and in most cases we were protected by it already - replace crit lock by...

5.5 CVSS | 5.7 AI score | 0.00095 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/10 8:15 a.m. | 3 views

DEBIAN-CVE-2025-38311

In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock. Get rid of the crit lock. That frees us from the error prone logic of trylocks. Thanks to netdev_lock by Jakub it is now easy, and in most cases we were protected by it already - replace crit lock by...

5.5 CVSS | 5.5 AI score | 0.00095 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/10 8:15 a.m. | 4 views

UBUNTU-CVE-2025-38311

In the Linux kernel, the following vulnerability has been resolved: iavf: get rid of the crit lock. Get rid of the crit lock. That frees us from the error prone logic of trylocks. Thanks to netdev_lock by Jakub it is now easy, and in most cases we were protected by it already - replace crit lock by...

5.5 CVSS | 5.9 AI score | 0.00095 EPSS
Exploits: 0 | References: 12

OSV
added 2025/07/09 11:15 a.m. | 1 view

DEBIAN-CVE-2025-38261

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches. When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load...

5.5 CVSS | 5.6 AI score | 0.00132 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/09 11:15 a.m. | 3 views

DEBIAN-CVE-2025-38253

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacom_aes_battery_handler. Commit fd2a9b29dc9c "HID: wacom: Remove AES power_supply after extended inactivity" introduced wacom_aes_battery_handler which is scheduled as a delayed work (aes_battery_work). In...

5.5 CVSS | 5.3 AI score | 0.00136 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/09 11:15 a.m. | 2 views

UBUNTU-CVE-2025-38261

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches. When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load...

5.5 CVSS | 6 AI score | 0.00132 EPSS
Exploits: 0 | References: 11

CVE
added 2025/07/09 10:42 a.m. | 53 views

CVE-2025-38261

CVE-2025-38261 affects the Linux kernel on riscv. The root cause is improper handling of the SR_SUM CSR during task switches, where a sleeping function passed to put_user() could clear SR_SUM and trigger a crash under heavy load (e.g., with syz-stress). The patch adds saving and restoring SR_SUM ...

5.5 CVSS | 6.6 AI score | 0.00132 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/07/09 10:42 a.m. | 6 views

CVE-2025-38261 riscv: save the SR_SUM status over switches

In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches. When threads/tasks are switched we need to ensure the old execution's SR_SUM state is saved and the new thread has the old SR_SUM state restored. The issue was seen under heavy load...

5.5 CVSS | 6.4 AI score | 0.00132 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2025/07/09 12:0 a.m. | 4 views

PT-2025-28889

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 and earlier. Description: A flaw exists in the Linux kernel's task switching routine on RISC-V architecture. Specifically, the issue relates to the handling of the SR_SUM status...

7.8 CVSS | 6.4 AI score | 0.00167 EPSS
Exploits: 0 | References: 215

Packet Storm News
added 2025/07/06 12:0 a.m. | 4 views

UniAud: a Unified Auditing Framework for High Auditing Power and Utility with One Training Run

Differentially private (DP) optimization has been widely adopted as a standard approach to provide rigorous privacy guarantees for training datasets. DP auditing verifies whether a model trained with DP optimization satisfies its claimed privacy level by estimating empirical privacy lower bounds...

6.8 AI score
Exploits: 0

Packet Storm News
added 2025/07/05 12:0 a.m. | 3 views

Addressing the Devastating Effects of Single-Task Data Poisoning in Exemplar-Free Continual Learning

Our research addresses the overlooked security concerns related to data poisoning in continual learning (CL). Data poisoning - the intentional manipulation of training data to affect the predictions of machine learning models - was recently shown to be a threat to CL training stability. While...

6.9 AI score
Exploits: 0

SUSE CVE
added 2025/07/04 11:21 p.m. | 8 views

SUSE CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs'...

4.7 CVSS | 6.3 AI score | 0.0013 EPSS
Exploits: 0 | References: 30

RedhatCVE
added 2025/07/04 8:27 p.m. | 12 views

CVE-2025-34074

An authenticated remote code execution vulnerability exists in Lucee’s administrative interface due to insecure design in the scheduled task functionality. An administrator with access to /lucee/admin/web.cfm can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled...

9.4 CVSS | 7.5 AI score | 0.01134 EPSS
Exploits: 1 | References: 1

OSV
added 2025/07/04 2:15 p.m. | 8 views

DEBIAN-CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs'...

4.7 CVSS | 5.5 AI score | 0.0013 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2025/07/04 2:15 p.m. | 4 views

CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs'...

4.7 CVSS | 5 AI score | 0.0013 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/07/04 2:15 p.m. | 11 views

CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs'...

4.7 CVSS | 0.0013 EPSS
Exploits: 0 | References: 4

OSV
added 2025/07/04 2:15 p.m. | 10 views

AZL-70430 CVE-2025-38234 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs'...

4.7 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/04 2:15 p.m. | 4 views

UBUNTU-CVE-2025-38234

In the Linux kernel, the following vulnerability has been resolved: sched/rt: Fix race in push_rt_task. Overview: When a CPU chooses to call push_rt_task and picks a task to push to another CPU's runqueue then it will call find_lock_lowest_rq method which would take a double lock on both CPUs'...

4.7 CVSS | 5.8 AI score | 0.0013 EPSS
Exploits: 0 | References: 25

CVE
added 2025/07/04 1:37 p.m. | 82 views

CVE-2025-38234

CVE-2025-38234 affects the Linux kernel sched/rt code. The issue is a race in push_rt_task that can race with task migration and wakeups, potentially leaving a task in a pushable list even after it has migrated or run, leading to scheduler crashes such as NULL dereferences or BUG_ON failures. A f...

4.7 CVSS | 6.5 AI score | 0.0013 EPSS
Exploits: 0 | References: 4 | Affected Software: 1