4571 matches found

OSV
added 2025/10/17 2:54 p.m., 2 views

OESA-2025-2412 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A critical vulnerability was found in GNU Binutils version 2.45. This vulnerability is classified as CWE-122...

CVSS 7.8, AI score 7.1, EPSS 0.00234
Exploits: 2, References: 3

Tenable Nessus
added 2025/10/17 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-61908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null...

CVSS 7.1, AI score 5.8, EPSS 0.00487
Exploits: 0, References: 3

CBLMariner
added 2025/10/15 9:15 p.m., 5 views

CVE-2025-10729 affecting package qtsvg for versions less than 6.6.1-3

CVE-2025-10729 affecting package qtsvg for versions less than 6.6.1-3. A patched version of the package is available...

CVSS 9.4, AI score 6.6, EPSS 0.00199
Exploits: 0

Samba
added 2025/10/15 12:0 a.m., 7 views

uninitialized memory disclosure via vfs_streams_xattr

Description: An authenticated user can read an unlimited number of samples of discarded heap memory, due to a failure to initialise memory in streams_xattr_pwrite in the vfs_streams_xattr file server module. This is achieved by issuing write requests that create holes in the file. Samba erases known...

CVSS 4.3, AI score 7, EPSS 0.00421
Exploits: 0

Tenable Nessus
added 2025/10/14 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-1335

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line o...

CVSS 9.3, AI score 7.2, EPSS 0.94106
Exploits: 10, References: 2

Tenable Nessus
added 2025/10/14 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-61912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars escapes \x00 incorrectly by...

CVSS 6.9, AI score 6.1, EPSS 0.00418
Exploits: 1, References: 3

Positive Technologies
added 2025/10/11 12:0 a.m., 4 views

PT-2025-42477

Name of the Vulnerable Software and Affected Versions: Webmin version 2.510. Description: Webmin version 2.510 has a flaw in the password reset functionality (forgot_send.cgi). The reset link sent to users is created using the HTTP Host header through the get_webmin_email_url function. An attacker can...

CVSS 8.5, AI score 6.6, EPSS 0.00416
Exploits: 1, References: 13

SUSE CVE
added 2025/10/09 11:27 p.m., 1 views

SUSE CVE-2025-11494

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Th...

CVSS 3.3, AI score 4.6, EPSS 0.00194
Exploits: 1, References: 6

Cvelist
added 2025/10/09 8:29 p.m., 9 views

CVE-2025-61601 BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation

BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's Choices response type. By submitting a malicious payload with a massive array in...

CVSS 7.5, EPSS 0.0043
Exploits: 1, References: 3

RedhatCVE
added 2025/10/09 7:9 a.m., 10 views

CVE-2025-11439

A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The pat...

CVSS 5.3, AI score 6.4, EPSS 0.00317
Exploits: 1, References: 1

RedhatCVE
added 2025/10/09 6:21 a.m., 13 views

CVE-2025-11436

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as...

CVSS 8.8, AI score 6.8, EPSS 0.0034
Exploits: 1, References: 1

ATTACKERKB
added 2025/10/09 3:2 a.m., 0 views

CVE-2025-11529

A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...

CVSS 9.8, AI score 5, EPSS 0.00562
Exploits: 1, References: 6

AlpineLinux
added 2025/10/08 8:15 p.m., 30 views

CVE-2025-11494

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Th...

CVSS 5.5, AI score 6.5, EPSS 0.00194
Exploits: 1, References: 8

OSV
added 2025/10/08 8:15 p.m., 3 views

CVE-2025-11494

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Th...

CVSS 5.5, AI score 6.5
Exploits: 0, References: 8

Vulnrichment
added 2025/10/08 8:2 p.m., 2 views

CVE-2025-11495 GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

CVSS 4.8, AI score 6.5, EPSS 0.00215
Exploits: 1, References: 8

Vulnrichment
added 2025/10/08 7:32 p.m., 2 views

CVE-2025-11494 GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds

A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Th...

CVSS 4.8, AI score 6.2, EPSS 0.00194
Exploits: 1, References: 8

NVD
added 2025/10/08 7:15 a.m., 6 views

CVE-2025-11441

A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carrie...

CVSS 6.3, EPSS 0.00626
Exploits: 1, References: 5

NVD
added 2025/10/08 7:15 a.m., 6 views

CVE-2025-11440

A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called...

CVSS 5.3, EPSS 0.00317
Exploits: 1, References: 5

OSV
added 2025/10/08 7:15 a.m., 3 views

CVE-2025-11439

A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The pat...

CVSS 5.3, AI score 6.5
Exploits: 0, References: 5

CVE
added 2025/10/08 7:2 a.m., 14 views

CVE-2025-11441

The CVE-2025-11441 entry affects JhumanJ OpnForm (up to v1.9.3). The vulnerability lies in the HTTP Header Handler component, where manipulating the X-Forwarded-For parameter can lead to improper restriction of excessive authentication attempts. Impact is remote, with network attack vector, high ...

CVSS 6.3, AI score 6.5, EPSS 0.00626
Exploits: 1, References: 5, Affected Software: 1