981 matches found

UbuntuCve
added 2025/02/13 2:15 a.m., 5 views

CVE-2025-0896

Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled. This could result in unauthorized access by an attacker...

9.8 CVSS, 5.9 AI score, 0.02353 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2025/02/12 7:15 p.m., 7 views

CVE-2025-0937

Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...

7.1 CVSS, 7 AI score, 0.00412 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2025/02/10 10:15 p.m., 16 views

CVE-2025-25193

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file...

5.5 CVSS, 6.8 AI score, 0.00357 EPSS
Exploits: 0, References: 3

Wolfi
added 2025/02/10 5:42 p.m., 3 views

GHSA-7FC5-F82F-CX69 vulnerabilities

Vulnerabilities for packages: ruby3.2-net-imap, kube-fluentd-operator, logstash, ruby3.4-net-imap, ruby3.3-net-imap, ruby3.3-rails, ruby3.4-rails, ruby3.2-rails...

5.2 AI score
Exploits: 0

UbuntuCve
added 2025/02/10 5:15 p.m., 7 views

CVE-2025-1150

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...

3.1 CVSS, 5 AI score, 0.0056 EPSS
Exploits: 1, References: 2

UbuntuCve
added 2025/02/10 4:15 p.m., 14 views

CVE-2025-21691

In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat' system call was added in commit cf264e1329fb "cachestat: implement cachestat syscall", it was meant to be a much more convenient and performant version...

5.5 CVSS, 6.3 AI score, 0.00191 EPSS
Exploits: 0, References: 16

UbuntuCve
added 2025/02/10 4:15 p.m., 10 views

CVE-2024-11831

A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...

5.4 CVSS, 7 AI score, 0.01006 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2025/02/06 10:15 p.m., 8 views

CVE-2024-57392

Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitrary code and can cause a Denial of Service (DoS) on the FTP service by sending a maliciously crafted message to the ProFTPD service port...

7.5 CVSS, 6.4 AI score, 0.01064 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2025/02/04 2:15 p.m., 7 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

5.4 CVSS, 6.9 AI score, 0.01276 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2025/02/03 6:15 p.m., 99 views

CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...

7.2 CVSS, 7.2 AI score, 0.0052 EPSS
Exploits: 0, References: 7

UbuntuCve
added 2025/01/31 12:15 p.m., 6 views

CVE-2025-21681

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output - ovs_vport_send - dev_queue_xmit - __dev_queue_xmit - netdev_core_pick_tx -...

5.5 CVSS, 6.4 AI score, 0.00194 EPSS
Exploits: 0, References: 16

UbuntuCve
added 2025/01/31 12:15 p.m., 8 views

CVE-2025-21671

In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset a failed and uninitialized...

7.8 CVSS, 6.4 AI score, 0.00203 EPSS
Exploits: 0, References: 6

Wolfi
added 2025/01/29 10:15 p.m., 38 views

CVE-2025-0851 vulnerabilities

Vulnerabilities for packages: opensearch...

9.8 CVSS, 7.2 AI score, 0.22965 EPSS
Exploits: 0

UbuntuCve
added 2025/01/28 5:15 p.m., 4 views

CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

9.9 CVSS, 5.9 AI score, 0.00328 EPSS
Exploits: 0, References: 2

Debian CVE
added 2025/01/28 4:34 p.m., 10 views

CVE-2025-0781

An attacker can bypass the sandboxing of Nasal scripts and arbitrarily write to any file path that the user has permission to modify at the operating-system level...

9.9 CVSS, 5.4 AI score, 0.00328 EPSS
Exploits: 0

UbuntuCve
added 2025/01/28 5:15 a.m., 14 views

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6 CVSS, 6.3 AI score, 0.01357 EPSS
Exploits: 1, References: 2

Oracle linux
added 2025/01/28 12:00 a.m., 161 views

mariadb:10.11 security update

galera 26.4.20-1 - Rebase to 26.4.20 26.4.19-1 - Rebase to 26.4.19 26.4.18-1 - Rebase to 26.4.18 Judy mariadb 3:10.11.10-1 - Rebase to 10.11.10 3:10.11.9-1 - Rebase to 10.11.9...

4.9 CVSS, 6.8 AI score, 0.00424 EPSS
Exploits: 0

UbuntuCve
added 2025/01/23 6:15 p.m., 7 views

CVE-2025-22153

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

7.9 CVSS, 5.9 AI score, 0.00372 EPSS
Exploits: 0, References: 3

Oracle linux
added 2025/01/23 12:00 a.m., 15 views

git-lfs security update

3.4.1-4 - Backport CVE-2024-53263 fixes - Resolves: RHEL-73936...

8.5 CVSS, 6.9 AI score, 0.0104 EPSS
Exploits: 0

UbuntuCve
added 2025/01/21 9:15 p.m., 10 views

CVE-2025-21533

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are prior to 7.0.24 and prior to 7.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

5.5 CVSS, 7.2 AI score, 0.0028 EPSS
Exploits: 0, References: 2