2500 matches found
CVE-2025-13042 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
CVE-2025-39866 affecting package kernel for versions less than 6.6.112.1-1
CVE-2025-39866 affecting package kernel for versions less than 6.6.112.1-1. A patched version of the package is available...
CVE-2025-40197
In the Linux kernel, the following vulnerability has been resolved: "media: mc: Clear minor number before put device". The device minor should not be cleared after the device is released...
CVE-2025-64517
sudo-rs is a memory safe implementation of sudo and su written in Rust. With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10...
GHSA-FMX9-HRMG-3X9V vulnerabilities
Vulnerabilities for packages: binutils...
GHSA-JP92-PQPQ-F69P vulnerabilities
Vulnerabilities for packages: binutils...
GHSA-G3Q3-PMMG-P6P8 vulnerabilities
Vulnerabilities for packages: binutils...
CVE-2025-40134
In the Linux kernel, the following vulnerability has been resolved: "dm: fix NULL pointer dereference in __dm_suspend()". There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...
CVE-2025-40158
In the Linux kernel, the following vulnerability has been resolved: "ipv6: use RCU in ip6_output()". Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. We can remove rcu_read_lock()/rcu_read_unlock() pairs from ip6_finish_output2()...
CVE-2025-40148
In the Linux kernel, the following vulnerability has been resolved: "drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions". The function dc_stream_set_cursor_attributes() currently dereferences the stream pointer and nested members stream->ctx->dc->current_state without checking for...
CVE-2025-40123
In the Linux kernel, the following vulnerability has been resolved: "bpf: Enforce expected_attach_type for tailcall compatibility". Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp() function within the Linux kernel's BPF subsystem. This...
CVE-2024-25621 vulnerabilities
Vulnerabilities for packages: cilium-cli, dagger, rancher, skaffold, eksctl, kubescape, k8ssandra-client, cluster-api-helm-controller, kube-arangodb, kots, docker, wolfictl, helm-mapkubeapis, kubescape-operator, trivy-operator, helm, helm-set-status, consul-k8s, teleport, k8sgpt, k9s, melange, k3...
CVE-2025-64486
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...
CVE-2025-52881 vulnerabilities
Vulnerabilities for packages: dagger, blob-csi, skaffold, sriov-network-device-plugin, kubescape, kots, docker, k8s-device-plugin, kubescape-operator, trivy-operator, wolfictl, node-feature-discovery, grafana-alloy, buildah, kubernetes, k9s, undock, k3s, nerdctl, neuvector-scanner, rancher-agent,...
CVE-2025-40780 affecting package bind for versions less than 9.20.15-1
CVE-2025-40780 affecting package bind for versions less than 9.20.15-1. A patched version of the package is available...
[SECURITY] Fedora 42 Update: qt5-qtconnectivity-5.15.18-1.fc42
Qt5 - Connectivity components...
[SECURITY] Fedora 42 Update: dtkcore-5.7.7-4.fc42
Deepin tool kit core modules...
[SECURITY] Fedora 43 Update: rust-get-size-derive2-0.7.0-1.fc43
Derives the GetSize trait...
CVE-2025-62507
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To work around this...