1084 matches found
BIT-NGINX-GATEWAY-2025-53859 NGINX ngx_mail_smtp_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
Moderate: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
PT-2025-51636
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s DRM/radeon driver related to fence processing. Specifically, the radeon fence process function was unnecessarily called within the is signaled functio...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990913)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990913 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit...
CVE-2025-40176
In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...
CVE-2025-40176
In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990845)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990845 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in...
MAL-2025-116136 Malicious code in ocha-enting4-miaww (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3212c4b18f90e22e562a458469f9bb5267c4d6ed743d94cf4221f2619b59e441 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
kernel: rxrpc: Fix missing locking causing hanging calls
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted e.g. because kafs saw a signal between it being queued for connection and the I/O thread picking up the call, the abort will be prioritised over the connecti...
kernel: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
In the Linux kernel, the following vulnerability has been resolved: iouring/rw: fix missing NOWAIT check for ODIRECT start write When iouring starts a write, it'll call kiocbstartwrite to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989035)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989035 advisory. In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotpsendmsg: add result check for waiteventinterruptible Using waiteventinterruptibl...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989995)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989995 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: Fix waitfordeviceprobe & deferredprobetimeout interaction Mounting NFS rootfs was...
kernel: tls: separate no-async decryption request handling from async
In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: md/raid1: The issue of stack memory usage after a return in the raid1reshape function has been fixed. In the raid1reshape function, the newpool is allocated on the stack and assigned to conf-r1biopool. This causes...
SUSE CVE-2025-40047
In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...
Siemens SIMATIC Devices Use After Free (CVE-2024-36904)
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcountincnotzero in tcptwskunique. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
UBUNTU-CVE-2025-40047
In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...
EUVD-2025-36480
In the Linux kernel, the following vulnerability has been resolved: uiohvgeneric: Let userspace take care of interrupt mask Remove the logic to set interrupt mask by default in uiohvgeneric driver as the interrupt mask value is supposed to be controlled completely by the user space. If the mask b...
CVE-2025-40047
In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: always prune wait queue entry in iowaitidwait For a successful return, always remove our entry from the wait queue entry list. Previously this was skipped if a cancelation was in progress, but this can race with...
CVE-2025-40047
CVE-2025-40047 affects the Linux kernel io_uring waitid path. The root cause was a race where a wait queue entry could remain due to cancellation in progress, leading to missed cleanup. The connected advisories confirm the fix as: always prune the wait queue entry in io_waitid_wait() on successfu...