ATTACKERKB (added 2025/11/12 4:35 p.m.)

CVE-2025-59088

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

CVSS 8.6 | AI score 7.4 | EPSS 0.00397
Exploits: 0 | References: 17
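The entry above describes the mechanism (an unconfigured realm name, supplied by the requester, selects the DNS zone the proxy consults) but is truncated before the fix. The block below is an added example, not kdcproxy's code, that contrasts the DNS-fallback pattern with two hardened resolvers: one that proxies only to explicitly configured realms, and one that keeps DNS discovery but restricts it to an allowlisted set of realm suffixes. The realm configuration, the fake SRV table, the host names and the function names are all constructed for the demonstration.

```python
"""Added example: requester-chosen realm -> requester-chosen DNS zone.

Not kdcproxy's code. REALM_CONFIG, FAKE_DNS_SRV, the host names and every
function name here are assumptions made for the demonstration.
"""


class UnknownRealm(Exception):
    """Raised by the hardened resolvers for a realm they refuse to proxy."""


# Constructed stand-in for the proxy's realm configuration: realm -> KDC endpoints.
REALM_CONFIG = {
    "EXAMPLE.COM": ["kdc1.example.com:88", "kdc2.example.com:88"],
}

# Constructed stand-in for the DNS: SRV owner name -> [(priority, weight, port, target)].
# The requester controls the attacker.example zone, so they also control the target.
FAKE_DNS_SRV = {
    "_kerberos._tcp.attacker.example.": [(0, 0, 8080, "10.0.0.5")],
}


def srv_name(realm: str, proto: str = "tcp") -> str:
    """Owner name of the Kerberos SRV record for a realm (_kerberos._tcp.<realm>.)."""
    return f"_kerberos._{proto}.{realm.lower().rstrip('.')}."


def resolve_with_dns_fallback(realm, config=REALM_CONFIG, dns=FAKE_DNS_SRV):
    """Vulnerable pattern: a realm with no configured servers is discovered via SRV
    records, and the zone queried is derived from the requester-supplied realm."""
    if realm in config:
        return list(config[realm])
    records = sorted(dns.get(srv_name(realm), []), key=lambda r: (r[0], -r[1]))
    return [f"{target}:{port}" for _, _, port, target in records]


def resolve_configured_only(realm, config=REALM_CONFIG):
    """Hardened pattern: forward only to realms whose servers are configured."""
    if realm not in config:
        raise UnknownRealm(realm)
    return list(config[realm])


def resolve_with_suffix_allowlist(realm, allowed_suffixes, config=REALM_CONFIG,
                                  dns=FAKE_DNS_SRV):
    """Hardened variant that keeps DNS discovery but only for allowlisted realms
    (exact match or a subdomain of an allowed suffix)."""
    r = realm.upper().rstrip(".")
    allowed = [s.upper().rstrip(".") for s in allowed_suffixes]
    if not any(r == s or r.endswith("." + s) for s in allowed):
        raise UnknownRealm(realm)
    return resolve_with_dns_fallback(realm, config, dns)


def is_proxied(resolver, realm, *args) -> bool:
    """True if resolver would forward traffic for realm; False if it refuses or finds nothing."""
    try:
        return bool(resolver(realm, *args))
    except UnknownRealm:
        return False


if __name__ == "__main__":
    # The vulnerable resolver happily forwards to whatever the attacker's zone says.
    print(resolve_with_dns_fallback("ATTACKER.EXAMPLE"))
    print(is_proxied(resolve_configured_only, "ATTACKER.EXAMPLE"))
    print(is_proxied(resolve_with_suffix_allowlist, "ATTACKER.EXAMPLE", ["EXAMPLE.COM"]))
```

The point to take from the contrast is that the realm string is attacker input: anything that turns it into a DNS owner name lets the requester pick both the zone answered and, through the SRV target, the host the proxy connects to. Defining server addresses for every realm you intend to serve and disabling the DNS fallback removes the input from the path entirely; a suffix allowlist is the weaker option for deployments that need discovery.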
OSV (added 2025/11/12 2:31 p.m.)

CLSA-2025-1762957887 perl-App-cpanminus: Fix of CVE-2024-45321

CVE-2024-45321: patch the code to use https instead of http...

CVSS 9.8 | AI score 7.3 | EPSS 0.00737
Exploits: 1 | References: 1
EUVD (added 2025/11/12 12:30 p.m.)

EUVD-2025-124918

In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release. If streamon/streamoff calls are imbalanced, such as when exiting an application with Ctrl+C when streaming, the m2m usage_count will never reach zero and the ISI channel...

AI score 5.7 | EPSS 0.00162
Exploits: 0 | References: 5
OSV (added 2025/11/12 11:15 a.m.)

AZL-70013 CVE-2025-40168 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: smc: Use sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use sk_dst_get() and dst_dev_rcu(). Note that the returned value o...

AI score 5.6 | EPSS 0.0015
Exploits: 0 | References: 1
OSV (added 2025/11/12 11:15 a.m.)

AZL-69995 CVE-2025-40135 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_xmit(). Use RCU in ip6_xmit() in order to use dst_dev_rcu() to prevent possible UAF...

AI score 5.6 | EPSS 0.00174
Exploits: 0 | References: 1
OSV (added 2025/11/12 11:15 a.m.)

UBUNTU-CVE-2025-40168

In the Linux kernel, the following vulnerability has been resolved: smc: Use sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). smc_clc_prfx_match() is called from smc_listen_work() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use sk_dst_get() and dst_dev_rcu(). Note that the returned value o...

AI score 5.7 | EPSS 0.0015
Exploits: 0 | References: 9
CVE (added 2025/11/12 10:23 a.m.)

CVE-2025-40139

CVE-2025-40139 affects the Linux kernel in the SMC (Shared Memory Communications) path. The issue is in the function smc_clc_prfx_set(), which is invoked during connect() and is not protected by RCU prior to dereferencing sk_dst_get(sk)->dev. This can lead to a use-after-free when the device i...

AI score 6 | EPSS 0.00162
Exploits: 0 | References: 2
CVE (added 2025/11/12 10:23 a.m.)

CVE-2025-40135

CVE-2025-40135: In the Linux kernel, the IPv6 transmit path (ip6_xmit) was fixed to use RCU, switching to dst_dev_rcu() to prevent a potential use-after-free. The vulnerability is addressed by the kernel patch referenced in multiple vendor advisories (e.g., Rocky Linux/RHSA/ELSA/NASL entries) wh...

AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 5
OSV (added 2025/11/12 10:23 a.m.)

CVE-2025-40120 net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock

In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock. Prevent USB runtime PM autosuspend for AX88772 in bind. usbnet enables runtime PM autosuspend by default, so disabling it via the usb_driver flag is ineffective. O...

AI score 6.2 | EPSS 0.00179
Exploits: 0 | References: 9
Snyk (added 2025/11/12 6:10 a.m.)

Malicious Package

Overview: 4meme-readable-stream is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
Snyk (added 2025/11/12 6:10 a.m.)

Malicious Package

Overview: aes-core-valid-ipherv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
RedHat Linux (added 2025/11/12 5:26 a.m.)

kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf(). snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

CVSS 7.8 | AI score 7 | EPSS 0.00179
Exploits: 0 | References: 5
RedHat Linux (added 2025/11/12 5:21 a.m.)

kernel: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data. The MT7921 driver no longer uses eeprom.data, but the relevant code has not been removed completely since commit 16d98b548365 "mt76: mt7921: rely on...

CVSS 7.1 | AI score 6.9 | EPSS 0.00149
Exploits: 0 | References: 5
Tenable Nessus (added 2025/11/12 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2025-40158

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: use RCU in ip6_output(). Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from...

AI score 5.8 | EPSS 0.00188
Exploits: 0 | References: 4
OSV (added 2025/11/11 10:56 p.m.)

MAL-2025-137645 Malicious code in utomo-kue63-sumpek (npm)

Per-source details. Source: amazon-inspector 0c3211dbf48501db8f45cf871e4e4545fa5163e5a4545a6bd3b3864ace9922f0. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.8
Exploits: 0
RedHat Linux (added 2025/11/11 7:52 p.m.)

rack: Rack's multipart parser buffers large non-file fields entirely in memory, enabling DoS (memory exhaustion)

A flaw was found in Rack where Rack::Multipart::Parser stores non-file form fields entirely in memory without size limits. An attacker can send a multipart/form-data request with an extremely large text field, causing the server to allocate large amounts of memory which leads to a denial of servi...

CVSS 7.5 | AI score 6.7 | EPSS 0.00516
Exploits: 0 | References: 8
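The entry above names the failure mode (a non-file field is accumulated in full before any size check can apply) but not what a bounded parser has to do differently. The block below is an added example, not Rack's parser: a small streaming multipart/form-data reader that is fed the body in socket-sized chunks and aborts the moment a non-file field passes a per-field cap, so that the memory held for a text field never exceeds the cap plus one chunk, while file parts are only counted. The class, the limit, the chunk size, the boundary string and the sample bodies are all constructed for the demonstration.

```python
"""Added example: a streaming multipart reader that caps non-file fields.

Not Rack's code. BoundedMultipartParser, build_body, the limits and the sample
bodies are assumptions made for the demonstration.
"""


class FieldTooLarge(Exception):
    """Raised as soon as a non-file field exceeds the configured limit."""


class BoundedMultipartParser:
    def __init__(self, boundary: bytes, max_field_bytes: int):
        self.delim = b"\r\n--" + boundary   # delimiter that terminates every part body
        self.max_field_bytes = max_field_bytes
        self.buf = b""                     # unconsumed bytes; trimmed on every feed
        self.state = "preamble"
        self.fields = {}                   # name -> bytes, non-file fields only
        self.file_sizes = {}               # name -> byte count; file data is not retained
        self.cur_name, self.cur_is_file, self.cur_len, self.cur_data = "", False, 0, []

    def feed(self, chunk: bytes) -> None:
        self.buf += chunk
        while self.state != "done":
            if self.state == "preamble":
                first = self.delim[2:]      # the very first boundary has no leading CRLF
                i = self.buf.find(first)
                if i < 0:
                    self.buf = self.buf[-(len(first) - 1):]  # keep a tail for a split match
                    return
                self.buf, self.state = self.buf[i + len(first):], "boundary_tail"
            elif self.state == "boundary_tail":
                if len(self.buf) < 2:
                    return
                if self.buf.startswith(b"--"):             # closing delimiter
                    self.state = "done"
                elif self.buf.startswith(b"\r\n"):
                    self.buf, self.state = self.buf[2:], "headers"
                else:
                    raise ValueError("malformed boundary line")
            elif self.state == "headers":
                j = self.buf.find(b"\r\n\r\n")
                if j < 0:
                    return
                self._start_part(self.buf[:j])
                self.buf, self.state = self.buf[j + 4:], "body"
            else:  # body
                k = self.buf.find(self.delim)
                if k < 0:
                    # Everything but a possible partial delimiter at the end is part data,
                    # so it is checked against the cap now instead of after the whole part.
                    safe = len(self.buf) - (len(self.delim) - 1)
                    if safe > 0:
                        self._body_data(self.buf[:safe])
                        self.buf = self.buf[safe:]
                    return
                self._body_data(self.buf[:k])
                self._end_part()
                self.buf, self.state = self.buf[k + len(self.delim):], "boundary_tail"

    def _start_part(self, raw_headers: bytes) -> None:
        name, is_file = "", False
        for line in raw_headers.split(b"\r\n"):
            key, _, value = line.partition(b":")
            if key.strip().lower() != b"content-disposition":
                continue
            for param in value.split(b";")[1:]:
                pk, _, pv = param.strip().partition(b"=")
                if pk.strip() == b"name":
                    name = pv.strip().strip(b'"').decode("utf-8", "replace")
                elif pk.strip() == b"filename":
                    is_file = True
        self.cur_name, self.cur_is_file, self.cur_len, self.cur_data = name, is_file, 0, []

    def _body_data(self, data: bytes) -> None:
        self.cur_len += len(data)
        if self.cur_is_file:
            return                         # a real server would stream this to disk
        if self.cur_len > self.max_field_bytes:
            raise FieldTooLarge(f"field {self.cur_name!r} exceeds {self.max_field_bytes} bytes")
        self.cur_data.append(data)

    def _end_part(self) -> None:
        if self.cur_is_file:
            self.file_sizes[self.cur_name] = self.cur_len
        else:
            self.fields[self.cur_name] = b"".join(self.cur_data)
        self.cur_data = []


def parse_bounded(body: bytes, boundary: bytes, max_field_bytes: int, chunk_size: int = 4096):
    """Feed the body in chunks, as a server reading from the socket would."""
    p = BoundedMultipartParser(boundary, max_field_bytes)
    for off in range(0, len(body), chunk_size):
        p.feed(body[off:off + chunk_size])
    if p.state != "done":
        raise ValueError("truncated multipart body")
    return p.fields, p.file_sizes


def rejects_oversized_field(body: bytes, boundary: bytes, max_field_bytes: int) -> bool:
    try:
        parse_bounded(body, boundary, max_field_bytes)
    except FieldTooLarge:
        return True
    return False


def build_body(boundary: bytes, parts) -> bytes:
    """Constructed multipart/form-data body: parts = [(name, filename_or_None, data)]."""
    out = []
    for name, filename, data in parts:
        cd = b'Content-Disposition: form-data; name="%s"' % name.encode()
        if filename is not None:
            cd += b'; filename="%s"' % filename.encode()
        out.append(b"--" + boundary + b"\r\n" + cd + b"\r\n\r\n" + data)
    return b"\r\n".join(out) + b"\r\n--" + boundary + b"--\r\n"
```

The design choice that matters is where the size check sits: `_body_data` is called for every chunk of a part as it arrives, so a 2 MiB text field is refused after the cap plus at most one chunk has been read, whereas a parser that first collects the full part and only then inspects it has already allocated the whole field. Parts carrying a `filename` are deliberately exempt from the cap and only counted, because file uploads are expected to be large and belong on disk, not in a string.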
RedHat Linux (added 2025/11/11 8:21 a.m.)

kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy(). In 'wlc_phy_iqcal_gainparams_nphy', add gain range check to WARN instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux...

CVSS 7.1 | AI score 6.8 | EPSS 0.00192
Exploits: 0 | References: 5
Snyk (added 2025/11/11 2:03 a.m.)

Malicious Package

Overview: transform-es2015-block-scoping is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
Snyk (added 2025/11/11 12:07 a.m.)

Malicious Package

Overview: supports-validation-checkerlib is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2
Snyk (added 2025/11/11 12:07 a.m.)

Malicious Package

Overview: grumpy-squidward is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2