8500 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-23476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from...
Linux Distros Unpatched Vulnerability : CVE-2022-48424
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. CVE-2022-48424 Note that Ness...
Linux Distros Unpatched Vulnerability : CVE-2022-50083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h When adding an xattr to an inode, we must ensure that the inode_size is not less than EXT4_GOOD_OLD_INODE_SIZE +...
Linux Distros Unpatched Vulnerability : CVE-2024-39470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events In function...
Linux Distros Unpatched Vulnerability : CVE-2018-12233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two...
Linux Distros Unpatched Vulnerability : CVE-2025-38147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get. [0] The offset 0x70 was of struct ipv6_txoptions in struct...
CVE-2025-7726 The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes
The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via its lightbox rendering code in all versions up to, and including, 12.6.0 due to insufficient input sanitization and output escaping. The theme’s JavaScript reads user-supplied 'title' and 'data-dt-img-description'...
Linux Distros Unpatched Vulnerability : CVE-2025-38181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc while allocating a CALIPSO option. [0] The NULL is of...
Linux Distros Unpatched Vulnerability : CVE-2024-38659
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl...
CLSA-2025-1754649907 libxml2: Fix of CVE-2025-7425
CVE-2025-7425: fix attribute type modification in libxslt to prevent memory corruption...
CVE-2025-54639
ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...
CVE-2025-54640
ParcelMismatch vulnerability in attribute deserialization. Impact: Successful exploitation of this vulnerability may cause playback control screen display exceptions...
Linux Distros Unpatched Vulnerability : CVE-2025-37789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: openvswitch: fix nested key length validation in the set action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check...
Linux Distros Unpatched Vulnerability : CVE-2024-41018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for ane...
Linux Distros Unpatched Vulnerability : CVE-2017-2618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty null write to this file can crash...
Linux Distros Unpatched Vulnerability : CVE-2023-53021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_taprio: fix possible use-after-free syzbot reported a nasty crash [1] in...
Linux Distros Unpatched Vulnerability : CVE-2024-40902
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of...
calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
...
libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may acce...