CVE-2025-38528 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38528 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-38565 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38565 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-38680 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38680 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-38391 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38391 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2025-39693 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-39693 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2026-25307 WordPress XStore Core plugin < 5.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in 8theme XStore Core et-core-plugin allows DOM-Based XSS.This issue affects XStore Core: from n/a through 5.7...

CVE-2025-67529

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

CVE-2018-20699 affecting package podman for versions less than 5.6.1-2

CVE-2018-20699 affecting package podman for versions less than 5.6.1-2. An upgraded version of the package is available that resolves this issue...

AZL-73022 CVE-2025-38401 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdcpreparedata fails to map the DMA region, the request is not prepared for data receiving, but msdcstartdata proceeds the DMA with previous setting. Since this will lead...

CVE-2018-1000651

Stroom version 5.4.5 contains a XML External Entity XXE vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file...

AZL-61677 CVE-2025-22062 affecting package kernel for versions less than 5.15.184.1-1

In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in procsctpdoudpport We must serialize calls to sctpudpsockstop and sctpudpsockstart or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address...

AZL-59757 CVE-2025-21981 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: ice: fix memory leak in aRFS after reset Fix aRFS accelerated Receive Flow Steering structures memory leak by adding a checker to verify if aRFS memory is already allocated while configuring VSI. aRFS objects are allocated in two...

AZL-55076 CVE-2024-56739 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: rtc: check if rtcreadtime was successful in rtctimerdowork If the rtcreadtime call fails,, the struct rtctime tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtctmtoktime later...

AZL-55561 CVE-2024-56640 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcountt:...

AZL-49994 CVE-2024-46854 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETHZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETHZLEN, ensuring nothing is leaked in the padding...

AZL-49173 CVE-2024-46674 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...

AZL-51387 CVE-2024-43846 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases...

AZL-27638 CVE-2023-33952 affecting package hyperv-daemons for versions less than 5.15.158.1-1

A double-free vulnerability was found in handling vmwbufferobject objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to...

AZL-25740 CVE-2023-1249 affecting package kernel for versions less than 5.15.107.1-2

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 "coredump: Use the vma snapshot in fillfilesnote" not applied yet, then kernel could be affected...