Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992591)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992591 advisory. In the Linux kernel, the following vulnerability has been resolved: tty: serial: Fix refcount leak bug in uccuart.c In socinfo, offindnodebytype will return a node...

[SECURITY] Fedora 43 Update: duc-1.4.6-1.fc43

Duc is a collection of tools for indexing, inspecting and visualizing disk usage. Duc maintains a database of accumulated sizes of directories of the file system, and allows you to query this database with some tools, or create fancy graphs showing you where your bytes are...

[SECURITY] Fedora 43 Update: gdu-5.32.0-1.fc43

Fast disk usage analyzer with console interface written in Go...

[SECURITY] Fedora 42 Update: gdu-5.32.0-1.fc42

Fast disk usage analyzer with console interface written in Go...

CVE-2025-54322

XSpeeder SXZOS firmware (CVE-2025-54322) is affected. The vulnerability resides in the Django-based web interface where unsafe use of Python eval() on base64-decoded input from the chkid parameter (along with title and oIP) enables unauthenticated remote code execution with root privileges. Affec...

EUVD-2025-205413

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

EUVD-2025-205404

A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be us...

TencentOS Server 4: python-urllib3 (TSSA-2025:0972)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0972 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2023-53997

In the Linux kernel, the following vulnerability has been resolved: thermal: of: fix double-free on unregistration Since commit 3d439b1a2ad3 "thermal/core: Alloc-copy-free the thermal zone parameters structure", thermalzonedeviceregister allocates a copy of the tzp argument and frees it when...

CVE-2023-54021

In the Linux kernel, the following vulnerability has been resolved: ext4: set goal start correctly in ext4mbnormalizerequest We need to set acgex to notify the goal start used in ext4mbfindbygoal. Set acgex instead of acfex in ext4mbnormalizerequest. Besides we should assure goal start is in rang...

SUSE CVE-2023-54111

In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchippinctrlparsegroups offindnodebyphandle returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcou...

SUSE CVE-2023-54149

In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one which supports UC filtering and MC filtering as a DSA master for a random other DSA switch, one can see the followi...

EUVD-2023-60296

In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one which supports UC filtering and MC filtering as a DSA master for a random other DSA switch, one can see the followi...

EUVD-2023-60303

In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in gtpencapdestroy. syzkaller reported use-after-free in gtpencapdestroy. 0 It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 "gtp: fix suspicious RCU usage" added locksock a...

UBUNTU-CVE-2023-54105

In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotpbind Add missing check to block non-AFCAN binds. Syzbot created some code which matched the right sockaddr struct size but used AFXDP 0x2C instead of AFCAN 0x1D in the address family...

UBUNTU-CVE-2023-54149

In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one which supports UC filtering and MC filtering as a DSA master for a random other DSA switch, one can see the followi...

CVE-2023-54149

CVE-2023-54149 concerns the Linux kernel, where the felix driver used as a DSA master for another DSA switch can trigger a stack trace when VLAN-aware bridges join. The root cause is a call path where vlan_for_each() is expected to run with rtnl_lock() context but does not, inside DSA’s ndo_set_r...

CVE-2023-54142

CVE-2023-54142 affects the Linux kernel gtp: use-after-free in __gtp_encap_destroy(). The issue arises when releasing a socket with sk_user_data after the final reference is dropped, leading to use-after-free as reported by syzkaller. A patch (commit e198987e7dd7) titled “gtp: fix suspicious RCU ...

CVE-2022-50765 RISC-V: kexec: Fix memory leak of elf header buffer

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xff2000000403d000 size 4096: comm "kexec", pid 146, jiffies 4294900633 age 64.792s hex dump first 32 bytes: 7f 45 4c ...

CVE-2023-54027 iio: core: Prevent invalid memory access when there is no parent

In the Linux kernel, the following vulnerability has been resolved: iio: core: Prevent invalid memory access when there is no parent Commit 813665564b3d "iio: core: Convert to use firmware node handle instead of OF node" switched the kind of nodes to use for label retrieval in device registration...