8514 matches found
UBUNTU-CVE-2025-21840
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header. The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...
CVE-2025-21840 thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header
In the Linux kernel, the following vulnerability has been resolved: thermal/netlink: Prevent userspace segmentation fault by adjusting UAPI header. The intel-lpmd tool [1], which uses the THERMAL_GENL_ATTR_CPU_CAPABILITY attribute to receive HFI events from kernel space, encounters a segmentation fault...
CVE-2025-21840
CVE-2025-21840 affects the Linux kernel thermal netlink interface. The intel-lpmd tool segfaults because THERMAL_GENL_ATTR_CPU_CAPABILITY’s raw value changed in a commit, while intel_lpmd still used the old value. The documented fix moves THERMAL_GENL_ATTR_TZ_PREV_TEMP to the end of enum thermal_...
SUSE CVE-2025-27516
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2025-27823
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...
Backdrop CMS Cross-Site Scripting Vulnerability
Backdrop CMS is an open-source content management system (CMS). A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.0.5, which stems from insufficient validation of data attributes and could lead to cross-site scripting attacks...
Linux Distros Unpatched Vulnerability : CVE-2025-21653
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute. syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shifting a 32bit integer is undefined for...
Linux Distros Unpatched Vulnerability : CVE-2024-56663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one. Since the netlink attribute range...
CLSA-2025-1741215440 Fix CVE(s): CVE-2024-47175
SECURITY UPDATE: PPD injection issues - debian/patches/CVE-2024-47175.patch: validate URIs, attribute names, capabilities, and sanitize make and model in cups/ppd-cache.c, scheduler/ipp.c - CVE-2024-47175...
AZL-57800 CVE-2025-27516 affecting package python-jinja2 for versions less than 3.0.3-7
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2025-27516
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
AZL-57878 CVE-2025-27516 affecting package python-jinja2 for versions less than 3.1.2-3
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
DEBIAN-CVE-2025-27516
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
Template Injection
Overview Jinja2 is a template engine written in pure Python. It provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Affected versions of this package are vulnerable to Template Injection through the |attr filter. An attacker that contro...
CVE-2025-27516 Jinja sandbox breakout through attr filter selecting format method
Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the...
CVE-2025-22493 Improper cookie attributes in Foreseer Reporting Software (FRS)
The Secure flag was not set and SameSite was set to Lax in the Foreseer Reporting Software (FRS). Absence of the Secure flag could lead to the session cookie being transmitted over unencrypted HTTP connections. This security issue has been resolved in the latest version of FRS v1.5.100...
Jinja Security Vulnerability
Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.6, which stems from an attribute filter bypassing the sandbox and leading to the execution of arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2024-26933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port disable sysfs attribute The show and store callback routines...
Linux Distros Unpatched Vulnerability : CVE-2023-28708
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies creat...