Important: Red Hat Security Advisory: kpatch-patch-5_14_0-70_124_1, kpatch-patch-5_14_0-70_132_1, kpatch-patch-5_14_0-70_144_1, kpatch-patch-5_14_0-70_155_1, and kpatch-patch-5_14_0-70_167_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

SUSE SLES15 Security Update : kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5) (SUSE-SU-2026:1770-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1770-1 advisory. This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.133 fixes various security issues The following security issues were fixed: ...

Security update for the Linux Kernel (Live Patch 30 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.121 fixes various security issues The following security issues were fixed: CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. CVE-2022-50409: net: If sock is dead don't access sock's skwq in...

CLSA-2025-1763077197 Update of kernel

Rebased FIPS patches to 5.14.0-570.62.1...

PYSEC-2025-230

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

CVE-2025-64326 Weblate leaks the IP of project members inviting users to assume reviewer roles in Audit log

Weblate is a web based localization tool. In versions 5.14 and below, Weblate leaks the IP address of the project member inviting the user to the project in the audit log. The audit log includes IP addresses from admin-triggered actions, which can be viewed by invited users. This issue is fixed i...

SUSE SLES15 Security Update : kernel (Live Patch 35 for SLE 15 SP4) (SUSE-SU-2025:3712-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3712-1 advisory. This update for the Linux Kernel 5.14.21-15040024147 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilte...

CLSA-2025-1759319631 Update of kernel

Rebased to 5.14.0-570.21.1 to add CVE fixes...

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:14599)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:14599 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module ...

SUSE SLES15 Security Update : kernel (Live Patch 25 for SLE 15 SP5) (SUSE-SU-2025:02902-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02902-1 advisory. This update for the Linux Kernel 5.14.21-15050055100 fixes several issues. The following security issues were fixed: - CVE-2025-38494: HID:...

CentOS 9 : kernel-5.14.0-605.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-605.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: can: mcan: pci: add missing mcanclassfreedev in probe/remove method...

CVE-2023-32598

Unauth. Reflected Cross-Site Scripting XSS vulnerability in A. R. Jones Featured Image Pro Post Grid plugin = 5.14 versions...

Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005568 fixes several issues. The following security issues were fixed: CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool bsc1225429. CVE-2024-36904: tcp: Use refcountincnotzero in tcptwskunique bsc1225733. CVE-2024-43861: Fix memor...

Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005559 fixes several issues. The following security issues were fixed: CVE-2024-35905: Fixed int overflow for stack access size bsc1226327. CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF i...

WordPress Easy Speedup by PageCDN Plugin <= 5.14 is vulnerable to Backdoor

Software Easy Speedup by PageCDN Type Plugin Vulnerable versions = 5.14 Fixed in N/A OWASP Top 10 A3: Injection Classification Backdoor CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 86c9276e839f Credits Sansec.io Required privilege Unauthenticated Published 3 Jul...

kernel security and bug fix update

5.14.0-284.18.12 - cifs: fix wrong unlock before return from cifstreeconnect - docs: Remove the unnecessary unicode character - perf vendor events intel: Refresh ivytown metrics and events - perf vendor events: Update Intel ivytown - perf vendor events intel: Refresh jaketown metrics and events -...

GSD-2023-1000403 netfilter: ipset: Rework long task execution when adding/deleting entries

netfilter: ipset: Rework long task execution when adding/deleting entries This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.19 by commit...

GSD-2022-1006848 sctp: handle the error returned from sctp_auth_asoc_init_active_key

sctp: handle the error returned from sctpauthasocinitactivekey This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

GSD-2022-1003055 firmware: arm_ffa: Remove incorrect assignment of driver_data

firmware: armffa: Remove incorrect assignment of driverdata This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

Qt allows for privilege escalation due to hard-coding of qt_prfxpath value

Overview Prior to version 5.14, Qt hard-codes the qtprfxpath value to a fixed value, which may lead to privilege escalation vulnerabilities in Windows software that uses Qt. Description Prior to version 5.14, Qt hard-codes the qtprfxpath value to a value that reflects the path where Qt exists on...