CVE-2025-55201
CVE-2025-55201 concerns the Copier library/CLI used for rendering project templates. Prior to version 9.9.1, the template rendering context exposes certain pathlib.Path objects in Jinja with unconstrained I/O methods, enabling a safe template to read and write arbitrary files on the filesystem an...
CVE-2025-9108 Portabilis i-Diario Login Page ui layer
Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Linux Distros Unpatched Vulnerability : CVE-2019-5060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer...
RHEL 8 : kernel-rt (RHSA-2025:13961)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:13961 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
AlmaLinux 8 : kernel (ALSA-2025:13960)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13960 advisory. kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: net_sched: ets: Fix double list add in class with netem as child...
AlmaLinux 8 : kernel-rt (ALSA-2025:13961)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13961 advisory. kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: net_sched: ets: Fix double list add in class with netem as child...
Linux Distros Unpatched Vulnerability : CVE-2022-1185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to...
Linux Distros Unpatched Vulnerability : CVE-2017-15568
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: net_sched: ets: Fix double list add in class with netem as child qdisc CVE-2025-37914 kernel: Bluetooth:...
Copier Path Traversal Vulnerability
Copier is an open source library for rendering project templates. A path traversal vulnerability exists in Copier versions prior to 7.1.0 through 9.9.1, which stems from the fact that templates can be written to files outside of the target path, potentially leading to arbitrary file...
ALSA-2025:13961 Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: net_sched: ets: Fix double list add in class with...
CVE-2025-38543
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'...
DEBIAN-CVE-2025-38515
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push and the run-job worker, in which spsc_queue_push may return not-first while the run-job worker has already idled due to the jo...
CVE-2025-38515 drm/sched: Increment job count before swapping tail spsc queue
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push and the run-job worker, in which spsc_queue_push may return not-first while the run-job worker has already idled due to the jo...
CVE-2025-38515
CVE-2025-38515 concerns a race in the Linux kernel’s DRM scheduler. The description states a small race between drm/sched spsc_queue_push and the run-job worker, where spsc_queue_push may return not-first while the worker has idled due to the job count reaching zero. The consequence is that job s...
PT-2025-33515 · Z2D · Z2D
Name of the Vulnerable Software and Affected Versions: z2d versions 0.7.0 Description: z2d is a pure Zig 2D graphics library. A new multi-sample anti-aliasing MSAA method introduced in version 0.7.0 uses a new buffering mechanism for storing coverage data. Incorrect bounding under certain...
CVE-2025-51691
Cross-Site Scripting XSS vulnerability found in MarkTwo commit e3a1d3f90cce4ea9c26efcbbf3a1cbfb9dcdb298 May 2025 allows a remote attacker to execute arbitrary code via a crafted script input to the editor interface. The application does not properly sanitize user-supplied Markdown before renderin...
Linux Distros Unpatched Vulnerability : CVE-2025-22096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fix error code msm_parse_deps The SUBMIT_ERROR macro turns the error code negative...