2504 matches found

Debian CVE
added 2025/04/09 12:0 a.m., 10 views

CVE-2025-32460

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call...

CVSS 9.1, AI score 5.2, EPSS 0.00297, Exploits 1

CBLMariner
added 2025/04/08 9:13 p.m., 6 views

CVE-2009-5063 affecting package syslinux for versions less than libpng-1.2.39

CVE-2009-5063 affecting package syslinux for versions less than libpng-1.2.39. A patched version of the package is available...

CVSS 5, AI score 6.9, EPSS 0.01496, Exploits 0

CBLMariner
added 2025/04/08 9:12 p.m., 13 views

CVE-2024-31852 affecting package clang16 for versions less than 16.0.0-1

CVE-2024-31852 affecting package clang16 for versions less than 16.0.0-1. A patched version of the package is available...

CVSS 5.9, AI score 5.9, EPSS 0.00991, Exploits 0

UbuntuCve
added 2025/04/08 9:15 a.m., 7 views

CVE-2025-22009

In the Linux kernel, the following vulnerability has been resolved: regulator: dummy: force synchronous probing Sometimes I get a NULL pointer dereference at boot time in kobject_get with the following call stack: anatop_regulator_probe devm_regulator_register regulator_register regulator_resolve_supply...

CVSS 5.5, AI score 6.4, EPSS 0.00161, Exploits 0, References 24

UbuntuCve
added 2025/04/08 3:15 a.m., 9 views

CVE-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5, AI score 6.8, EPSS 0.00311, Exploits 1, References 4

UbuntuCve
added 2025/04/07 8:15 p.m., 5 views

CVE-2025-29769

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't...

CVSS 8.5, AI score 6.8, EPSS 0.00232, Exploits 1, References 6

UbuntuCve
added 2025/04/07 8:15 p.m., 6 views

CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265...

CVSS 6.2, AI score 6.9, EPSS 0.002, Exploits 1, References 2

UbuntuCve
added 2025/04/07 1:15 p.m., 8 views

CVE-2025-3360

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601 function...

CVSS 3.7, AI score 6.4, EPSS 0.0038, Exploits 0, References 4

RedHat Linux
added 2025/04/07 10:54 a.m., 15 views

Low: Red Hat Security Advisory: python3.12 security update

An update for python3.12 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 6.7, EPSS 0.02303, Exploits 1, References 1

Debian CVE
added 2025/04/07 12:0 a.m., 4 views

CVE-2025-29479

Removed by vendor...

AI score 4.9, Exploits 0

AlpineLinux
added 2025/04/05 12:0 a.m., 14 views

CVE-2025-32365

Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check...

CVSS 7.1, AI score 7.2, EPSS 0.00206, Exploits 1, References 3

RedHat Linux
added 2025/04/03 10:38 a.m., 21 views

Important: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availab...

CVSS 8.8, AI score 7.1, EPSS 0.00465, Exploits 0, References 2

Redos
added 2025/04/03 12:0 a.m., 11 views

ROS-20250403-02

A vulnerability in the QPDF PDF conversion command line utility is related to the creation of a .pdf file with the Pl_ASCII85Decoder::write parameter in libqpdf. Exploitation of the vulnerability could allow an attacker to execute...

CVSS 5.3, AI score 8.1, EPSS 0.00503, Exploits 1

Redos
added 2025/04/03 12:0 a.m., 10 views

ROS-20250403-09

Apache Tomcat application server vulnerability is related to accepting input path data as an internal point without verification. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information and execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.99945, Exploits 46

Oracle linux
added 2025/04/03 12:0 a.m., 12 views

firefox security update

128.9.0-2.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 128.9.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 128.9.0-2 - Update to 128.9.0 build2 128.9.0...

CVSS 8.1, AI score 7.5, EPSS 0.00767, Exploits 1

RedHat Linux
added 2025/04/02 2:55 p.m., 18 views

Moderate: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 6.9, EPSS 0.01569, Exploits 0, References 2

UbuntuCve
added 2025/04/02 1:15 p.m., 6 views

CVE-2025-21989

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix missing .is_two_pixels_per_container Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1, due to lack of .is_two_pixels_per_container function in dce60_tg_funcs, causes a NULL pointer dereference on...

CVSS 5.5, AI score 6.4, EPSS 0.00162, Exploits 0, References 9

UbuntuCve
added 2025/04/02 7:15 a.m., 6 views

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...

CVSS 7.5, AI score 6.6, EPSS 0.00327, Exploits 0, References 2

CBLMariner
added 2025/04/01 5:15 p.m., 5 views

CVE-2025-30204 affecting package prometheus for versions less than 2.37.9-3

CVE-2025-30204 affecting package prometheus for versions less than 2.37.9-3. A patched version of the package is available...

CVSS 7.5, AI score 7.8, EPSS 0.00693, Exploits 0

UbuntuCve
added 2025/04/01 4:15 p.m., 5 views

CVE-2025-21901

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add sanity checks on rdev validity There is a possibility that ulp_irq_stop and ulp_irq_start callbacks will be called when the device is in detached state. This can cause a crash due to NULL pointer dereference as the...

CVSS 5.5, AI score 6.3, EPSS 0.00174, Exploits 0, References 5