TencentOS Server 2: kernel (TSSA-2024:1033)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1033 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
TencentOS Server 3: redis (TSSA-2022:0174)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0174 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
ALSA-2025:9080 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: eth: bnxt: fix truesize for mb-xdp-pass case (CVE-2025-21961); kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (CVE-2025-21969); kernel: cifs: Fix integer overflow while...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: eth: bnxt: fix truesize for mb-xdp-pass case (CVE-2025-21961); kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (CVE-2025-21969); kernel: cifs: Fix integer overflow while...
TencentOS Server 2: freeradius (TSSA-2024:0379)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0379 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 2: kernel (TSSA-2024:1032)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1032 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
TencentOS Server 3: go-toolset:rhel8 (TSSA-2022:0152)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0152 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
New Linux Vulnerabilities
They're interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux...
Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes
Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how…...
Amazon Linux 2023 : nerdctl (ALAS2023-2025-980)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-980 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-981)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-981 advisory. The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which...
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs...
Qualys TRU Discovers Two Local Information Disclosure Vulnerabilities in Apport and systemd-coredump: CVE-2025-5054 and CVE-2025-4598
The Qualys Threat Research Unit (TRU) has discovered two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities. The first (CVE-2025-5054) affects Ubuntu's core-dump handler, Apport, and the second (CVE-2025-4598) targets...
Wireshark Multiple Vulnerabilities (May 2025) - Linux
Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...
CVE-2025-4134 Lack of file validation in Avast Business Antivirus for Linux allows writing untrusted update files
Lack of file validation in doupdatevps in Avast Business Antivirus for Linux 4.5 on Linux allows a local user to spoof or tamper with the update file via an unverified file write...
Mozilla Firefox Security Advisory (MFSA2025-42) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2025-42. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-on...
[SECURITY] [DLA 4178-1] linux security update
Debian LTS Advisory DLA-4178-1 https://www.debian.org/lts/security/ Ben Hutchings May 25, 2025 https://wiki.debian.org/LTS Package: linux Version: 5.10.237-1 CVE ID: CVE-2021-47247 CVE-2021-47489 CVE-2022-48893 CVE-2022-49046 CVE-2022-49190 CVE-2022-49219...
Slackware Linux 15.0 ffmpeg Multiple Vulnerabilities (SSA:2025-143-01)
The version of ffmpeg installed on the remote host is prior to 4.4.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-143-01 advisory. New ffmpeg packages are available for Slackware 15.0 to fix security issues. Tenable has extracted the preceding description...
CVE-2023-4104
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN 2.16.1 Linux...
CVE-2023-44211
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 31637, Acronis Cyber Protect 16 (Linux, Windows) before build 37391...