120 matches found
SUSE SLES15 Security Update : kernel (Live Patch 31 for SLE 15 SP4) (SUSE-SU-2025:3675-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3675-1 advisory. This update for the Linux Kernel 5.14.21-15040024133 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilte...
CVE-2024-37992
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT 6GT2811-6BC10-2AA0 All versions V4.2, SIMATIC Reader RF610R ETSI 6GT2811-6BC10-0AA0 All versions V4.2, SIMATIC Reader RF610R FCC 6GT2811-6BC10-1AA0 All versions V4.2, SIMATIC Reader RF615R CMIIT 6GT2811-6CC10-2AA0 All versions V4....
Security Bulletin: Multiple Vulnerabilities in IBM Security Guardium Key Lifecycle Manager
Summary There are multiple vulnerabilities identified in IBM Security Guardium Key Lifecycle Manager. These vulnerabilities have been fixed in IBM Security Guardium Key Lifecycle Manager v4.2. Please upgrade to GKLM v4.2 for the fixes. Vulnerability Details CVEID:CVE-2023-25689 DESCRIPTION: IBM...
CVE-2021-47179 NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately,...
CVE-2021-47179
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately,...
BIT-MONGODB-2021-32036 Denial of Service and Data Integrity vulnerability in features command
An authenticated user without any specific authorizations may be able to repeatedly invoke the features command, which at high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. This...
Moxa EDR-810 Unauthenticated Remote Code Execution with Root Privileges (CVE-2018-16282)
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/netWebCADELETEGetValue URI. This plugin only works with Tenable.ot. Please visit...
CVE-2023-30090
Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2023-30090
Semcms Shop v4.2 is affected by an arbitrary file upload vulnerability in the SEMCMS_Upfile.php component, enabling an attacker to upload a crafted PHP file and achieve arbitrary code execution. Affected product: Semcms Shop 4.2; vulnerable component: SEMCMS_Upfile.php; root cause: improper file ...
CVE-2023-30090
Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file...
GSD-2023-1002241 mm: Always release pages to the buddy allocator in memblock_free_late().
mm: Always release pages to the buddy allocator in memblock_free_late(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.229 by commit...
GSD-2023-1002126 mm: Always release pages to the buddy allocator in memblock_free_late().
mm: Always release pages to the buddy allocator in memblock_free_late(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.89 by commit...
GSD-2023-1001794 mm: Always release pages to the buddy allocator in memblock_free_late().
mm: Always release pages to the buddy allocator in memblock_free_late(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.164 by commit...
GSD-2023-1001623 drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001621 regulator: core: fix module refcount leak in set_supply()
regulator: core: fix module refcount leak in set_supply() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001597 serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: amba-pl011: avoid SBSA UART accessing DMACR register This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.337 by commit...
GSD-2023-1001408 scsi: snic: Fix possible UAF in snic_tgt_create()
scsi: snic: Fix possible UAF in snic_tgt_create() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
GSD-2023-1001151 drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1001084 serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: amba-pl011: avoid SBSA UART accessing DMACR register This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
GSD-2023-1001049 selftests/powerpc: Fix resource leaks
selftests/powerpc: Fix resource leaks This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit 8de2c29db68b3d7e4cd2661059085b14c450763...