RHEL 8 : kernel (RHSA-2025:15649)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15649 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ext4: use-after-free in...

RHEL 8 : kernel (RHSA-2025:15647)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:15647 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mm/hugetlb: fix hugepmdunshar...

SUSE CVE-2025-27466

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...

SUSE CVE-2025-58142

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...

Mutiple vulnerabilities in the Viridian interface

ISSUE DESCRIPTION There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a...

PT-2025-39143

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to memory management within the bpf Berkeley Packet Filter subsystem. Specifically, the issue arises from calling bpf map kmalloc node from bpf...

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: bpf: Don't use tnumrange on array range checking for poke descriptors CVE-2022-49985 kernel: posix-cpu-timers: fix race between...

ALSA-2025:15471 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Don't use tnumrange on array range checking for poke descriptors CVE-2022-49985 kernel: posix-cpu-timers: fix race between handleposixcputimers and posixcputimerdel CVE-2025-38352 Fo...

CVE-2025-9519

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

CVE-2025-9519

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

ALSA: usb-audio: Kill timer properly at removal

...

CVE-2025-9519

CVE-2025-9519 affects the WordPress plugin Easy Timer (≤ 4.2.1). The issue enables Remote Code Execution via shortcode attributes due to insufficient restriction, exploitable by authenticated users with Editor level access or higher. Reported CVSS v3.1 base score 7.2 (HIGH) with network access, h...

CVE-2025-9519 Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

WordPress plugin Easy Timer 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

PT-2025-35869

Name of the Vulnerable Software and Affected Versions: Easy Timer plugin for WordPress versions prior to 4.2.2 Description: The Easy Timer plugin for WordPress is susceptible to Remote Code Execution through its shortcodes. This is caused by inadequate restriction of shortcode attributes,...

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

...

bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT

...

bpf: Defer work in bpf_timer_cancel_and_free

...

LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

...

Linux Distros Unpatched Vulnerability : CVE-2025-38666

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: appletalk: Fix use-after-free in AARP proxy probe The AARP proxyprobe routine aarpproxyprobenetwork sends a probe, releases the aarplock, sleeps, then...