2510 matches found

Debian CVE
added 2025/05/30 12:00 a.m., 10 views

CVE-2025-44904

hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function...

8.8 CVSS, 5.6 AI score, 0.00377 EPSS
Exploits: 1

Chainguard
added 2025/05/29 7:15 p.m., 22 views

CVE-2025-5064 vulnerabilities

Vulnerabilities for packages: chromium...

5.4 CVSS, 7.2 AI score, 0.00304 EPSS
Exploits: 0

UbuntuCve
added 2025/05/29 3:15 p.m., 4 views

CVE-2024-22653

yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c...

4.8 CVSS, 5.9 AI score, 0.00215 EPSS
Exploits: 1, References: 3

RedHat Linux
added 2025/05/29 1:39 p.m., 12 views

Important: Red Hat Security Advisory: zlib security update

An update for zlib is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

9.8 CVSS, 7 AI score, 0.04793 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2025/05/29 9:15 a.m., 5 views

CVE-2025-27151

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allo...

9.8 CVSS, 6.1 AI score, 0.00803 EPSS
Exploits: 0, References: 4

Oracle linux
added 2025/05/29 12:00 a.m., 9 views

firefox security update

128.11.0-1.0.1
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789]
128.11.0
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)
128.11.0-1
- Update to 128.11.0...

6.5 CVSS, 7.4 AI score, 0.00398 EPSS
Exploits: 0

UbuntuCve
added 2025/05/29 12:00 a.m., 9 views

CVE-2025-5054

Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function _check_global_pid_and_forward, which detects if the crashing process resided in a container, was being called...

4.7 CVSS, 6 AI score, 0.00327 EPSS
Exploits: 2, References: 2

UbuntuCve
added 2025/05/28 6:15 p.m., 9 views

CVE-2025-30087

Best Practical RT Request Tracker 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL...

7.2 CVSS, 5.8 AI score, 0.00258 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2025/05/27 1:15 p.m., 6 views

CVE-2025-5269

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox ESR 128.11 and Thunderbird 128.11...

8.1 CVSS, 7 AI score, 0.00377 EPSS
Exploits: 0, References: 4

Chainguard
added 2025/05/26 7:15 p.m., 22 views

CVE-2025-47934 vulnerabilities

Vulnerabilities for packages: renovate, kibana...

8.7 CVSS, 7.5 AI score, 0.00612 EPSS
Exploits: 0

UbuntuCve
added 2025/05/26 4:15 p.m., 2 views

CVE-2025-23394

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...

9.8 CVSS, 5.9 AI score, 0.00485 EPSS
Exploits: 0, References: 2

AlpineLinux
added 2025/05/26 3:18 p.m., 13 views

CVE-2025-23395

Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary locations with root ownership, the invoking user's real group ownership and file mode 0644. All data written to the...

7.8 CVSS, 6.6 AI score, 0.00201 EPSS
Exploits: 0

Debian CVE
added 2025/05/26 4:31 a.m., 7 views

CVE-2025-5169

A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approac...

5.5 CVSS, 3.4 AI score, 0.00208 EPSS
Exploits: 1

Wolfi
added 2025/05/22 1:45 a.m., 6 views

GHSA-7RXF-GVFG-47G4 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, superset, kubeflow-jupyter-web-app...

5.8 AI score
Exploits: 0

Chainguard
added 2025/05/22 1:15 a.m., 15 views

CVE-2024-6844 vulnerabilities

Vulnerabilities for packages: superset, kubeflow-jupyter-web-app, kubeflow-volumes-web-app...

5.3 CVSS, 6.4 AI score, 0.00281 EPSS
Exploits: 1

UbuntuCve
added 2025/05/22 1:15 a.m., 18 views

CVE-2025-2759

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8 CVSS, 7.4 AI score, 0.00117 EPSS
Exploits: 0, References: 2

AlpineLinux
added 2025/05/21 5:32 p.m., 6 views

CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456: void* p = malloc(sz);. As of time of publication, no patched versions are...

8.7 CVSS, 6.6 AI score, 0.00443 EPSS
Exploits: 1, References: 2

Fedora
added 2025/05/21 2:18 a.m., 17 views

[SECURITY] Fedora 42 Update: openssh-9.9p1-11.fc42

SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

4.3 CVSS, 7.4 AI score, 0.00149 EPSS
Exploits: 0

Oracle linux
added 2025/05/21 12:00 a.m., 11 views

nodejs:20 security update

nodejs
1:20.19.1-1
- Update to version 20.19.1
  Resolves: RHEL-78764
1:20.18.2-3
- Update c-ares to 1.34.5 to address CVE-2025-31498
nodejs-nodemon
nodejs-packaging...

8.3 CVSS, 7 AI score, 0.00523 EPSS
Exploits: 0

Oracle linux
added 2025/05/21 12:00 a.m., 9 views

firefox security update

128.10.0-1.0.1
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
128.10.0
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)
128.10.0-1
- Update to 128.10.0 build1...

9.1 CVSS, 7.3 AI score, 0.00517 EPSS
Exploits: 0