KB5061197: Windows Server 2008 OOB Security Update (May 2025) (CVE-2025-32709)

The remote Windows host is missing a security update and is therefore affected by an elevation of privilege vulnerability: - Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. CVE-2025-32709 Note that Nessus has n...

CVE-2025-4056

A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines...

Fedora 41 : dotnet9.0 (2025-75bda8d944)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-75bda8d944 advisory. This is the May 2025 update for .NET 9. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.5/9.0.106.md - Runtime:...

CVE-2025-29977

creationtimestamp| type| source ---|---|--- 2025-05-13 16:27:02+00:00| seen| https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review...

CVE-2025-46336

Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a session cookie already a major issue, the session may be restored if the attacker can trigger a lo...

CVE-2025-46734

league/commonmark is a PHP Markdown parser. A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...

CVE-2022-49891

In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in testgenkprobe/kretprobecmd testgenkprobecmd only free buf in fail path, hence buf will leak when there is no failure. Move kfreebuf from fail path to common path to prevent the memleak. The sam...

CVE-2022-49808

In the Linux kernel, the following vulnerability has been resolved: net: dsa: don't leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba "net: dsa: introduce tagger-owned storage for private and shared data", we had a call to tagops-disconnectdst issued from...

CVE-2022-49806

In the Linux kernel, the following vulnerability has been resolved: net: microchip: sparx5: Fix potential null-ptr-deref in sparxstatsinit and sparx5start sparxstatsinit calls createsinglethreadworkqueue and not checked the ret value, which may return NULL. And a null-ptr-deref may happen:...

CVE-2025-37768

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Prevent division by zero The user can set any speed value. If speed is greater than UINTMAX/8, division by zero is possible. Found by Linux Verification Center linuxtesting.org with SVACE...