Linux Distros Unpatched Vulnerability : CVE-2025-32022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts o...

Linux Distros Unpatched Vulnerability : CVE-2018-17613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop aka tdesktop 1.3.16 alpha, when Use proxy is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol...

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

Linux Distros Unpatched Vulnerability : CVE-2016-9920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not proper...

Linux Distros Unpatched Vulnerability : CVE-2003-1580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad...

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

CVE-2025-38625

In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detachioas op When CONFIGIOMMUFD is enabled and a device is bound to the pdsvfiopci driver, the following WARNON trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfiomain.c:317...

CVE-2025-38649

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fix a crash issue caused by infinite loop for Coresight An infinite loop has been created by the Coresight devices. When only a source device is enabled, the coresightfindactivatedsysfssink function is...

CVE-2025-51605

An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make...

CVE-2025-51605

CVE-2025-51605 affects Shopizer 3.2.7. The server’s CORS implementation reflects the Origin header verbatim into Access-Control-Allow-Origin and enables Access-Control-Allow-Credentials: true, allowing authenticated cross-origin requests and read of sensitive responses. Supported by multiple sour...

PT-2025-34373 · Shopizer · Shopizer

Name of the Vulnerable Software and Affected Versions: Shopizer version 3.2.7 Description: The server’s Cross-Origin Resource Sharing CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling...

PT-2025-34410

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: An infinite loop in the Coresight devices, specifically within the coresight find activated sysfs sink function, can lead to a stack overflow and system crash. This occurs when only a...

CVE-2025-3639

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid...

PT-2025-33998 · Crocoblock · Jetsmartfilters

Name of the Vulnerable Software and Affected Versions: Crocoblock JetSmartFilters versions through 3.6.7 Description: An insertion of sensitive information into sent data issue exists in Crocoblock JetSmartFilters, allowing retrieval of embedded sensitive data. Recommendations: Update...

DEBIAN-CVE-2025-38581

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2'...

CVE-2025-38581 crypto: ccp - Fix crash when rebind ccp device for ccp.ko

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIGCRYPTODEVCCPDEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' /sys/bus/pci/drivers/ccp/unbind $ echo '0000:0a:00.2'...

Important: kernel-livepatch-4.14.355-280.652

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-4.14.355-280.652 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Important: kernel-livepatch-4.14.355-280.664

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-4.14.355-280.664 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Linux Distros Unpatched Vulnerability : CVE-2018-12023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific...

Linux Distros Unpatched Vulnerability : CVE-2018-12022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific...