205 matches found
EUVD-2021-1023
Malware in sbrugna...
CVE-2025-54145
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141...
Linux Distros Unpatched Vulnerability : CVE-2022-48762
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: arm64: extable: fix load_unaligned_zeropad() reg indices In ex_handler_load_unaligned_zeropad() we...
GHSA-QX2Q-88MX-VHG7 vulnerabilities
Vulnerabilities for packages: gatus...
Linux Distros Unpatched Vulnerability : CVE-2025-37899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session...
Linux Distros Unpatched Vulnerability : CVE-2025-22003
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy source Commit 7fdaf8966aae can: ucan: use strsc...
Linux Distros Unpatched Vulnerability : CVE-2021-47008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Make sure GHCB is mapped before updating Access to the GHCB is mainly in the VMGEX...
Updated slurm packages fix security vulnerability
Updated slurm packages fix a vulnerability in Slurm's accounting system that would have allowed a Coordinator to promote a user to Administrator (CVE-2025-43904)...
MGASA-2025-0213 Updated sudo packages fix security vulnerabilities
CVE-2025-32462 - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines CVE-2025-32463 - Sudo before 1.9.17p1 allows local users to obtain root access because...
CVE-2025-8033
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8040
Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
RHEL 8 : kernel (RHSA-2025:10828)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10828 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: um: Fix out-of-bounds read in...
MGASA-2025-0204 Updated dpkg packages fix security vulnerabilities
It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and...
AlmaLinux 9 : php:8.3 (ALSA-2025:7418)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7418 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header...
GHSA-FV92-FJC5-JJ9H vulnerabilities
Vulnerabilities for packages: nri-prometheus, mattermost, nri-kubernetes, guac, kube-bench, k9s, splunk-otel-collector, gitlab-cng, hcloud, cosign, ko, tempo, conftest, clusterctl, jitsucom-bulker, terraform-provider-acme, opentelemetry-operator, cluster-api, opa, grype, dagger, thanos,...
GHSA-FV92-FJC5-JJ9H vulnerabilities
Vulnerabilities for packages: tempo-fips, trivy, datadog-agent, ko, atlantis, kube-bench, opa, docker-compose, grafana, opa-fips-envoy, elastic-agent, docker-cli-buildx, guac, policy-controller, calico-fips, kube-bench-fips, envoy-gateway-fips, pluto, aws-otel-collector,...
Updated chromium-browser-stable packages fix security vulnerabilities
Integer overflow in V8 (CVE-2025-6191). Use after free in Profiler (CVE-2025-6192)...
GHSA-HJ2P-8WJ8-PFQ4 vulnerabilities
Vulnerabilities for packages: yunikorn-k8shim-fips, kubernetes-csi-driver-hostpath, cloud-provider-gcp-cloud-controller-manager-fips, cloud-provider-gcp-cloud-controller-manager, azurefile-csi-fips, rancher, node-feature-discovery, emissary, docker-machine-driver-harvester, azuredisk-csi-fips,...
CVE-2025-6428
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140...
Updated golang packages fix security vulnerabilities
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673. os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when th...