23057 matches found
CVE-2025-66371
CVE-2025-66371 affects Peppol-py prior to 1.1.1. The issue is an XXE vulnerability caused by Saxon configuration that allows the XML parser to read local files during XML-based invoice validation, potentially exposing content to a remote host. Multiple sources (RedHat, CIRCL, OSV, NVD, Snyk, CNNV...
ROS-20251128-04
A vulnerability in the smb2_is_valid_oplock_break function in the fs/smb/client/smb2misc.c module of the SMB client implementation of the Linux kernel is related to the reuse of previously freed...
CVE-2025-66371
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...
PT-2025-48312
Name of the Vulnerable Software and Affected Versions: Kivitendo versions prior to 3.9.2. Description: Kivitendo is susceptible to an XML External Entity (XXE) injection. An attacker can exploit this by uploading an electronic invoice in the ZUGFeRD format, potentially allowing them to read and...
CLSA-2025-1764151168 kernel: Fix of 39 CVEs
perf/aux: Fix AUX buffer serialization (CVE-2024-46713) - block: fix uaf for flush rq while iterating tags (CVE-2024-53170) - zram: fix potential UAF of zram table (CVE-2025-21671) - sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) - bpf: Fix UAF via mismatching...
ext4: avoid deadlock in fs reclaim with page writeback
...
PT-2026-2510
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the Btrfs file system related to handling directory moves during transactions. Specifically, the system may incorrectly log inode information when...
CVE-2025-13596
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
SUSE-SU-2025:21180-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after bsc1238472. - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter...
kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values
A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image...
runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...
SUSE-SU-2025:21074-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment bsc1234863. - CVE-2024-57891: sched_ext: Fix invalid irq restore in...
[SECURITY] Fedora 42 Update: buildah-1.42.1-1.fc42
The buildah package provides a command line tool which can be used to: create a working container from scratch or create a working container from an image as a starting point; mount/umount a working container's root file system for manipulation; save container's root file system layer to create a ne...
SUSE CVE-2025-40212
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry. nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...
Oracle Linux 8 : kernel (ELSA-2025-21917)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21917 advisory. - i40e: add max boundary check for VF filters Michal Schmidt RHEL-123799 CVE-2025-39968 - i40e: fix validation of VF state in get resources Michal...
RHEL 9 : kernel-rt (RHSA-2025:22087)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:22087 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
USN-7887-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...
USN-7887-1 linux-raspi-realtime vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...