Linux Distros Unpatched Vulnerability : CVE-2022-50221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/fb-helper: Fix out-of-bounds access Clip memory range to screen-buffer size to avoid...
Linux Distros Unpatched Vulnerability : CVE-2025-21996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() On the off chance that command stream passed from userspace via ioctl call to radeon_vce_cs_parse() is...
Linux Distros Unpatched Vulnerability : CVE-2025-38036
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and existing GuC functions used for...
Linux Distros Unpatched Vulnerability : CVE-2017-7806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable...
Linux Distros Unpatched Vulnerability : CVE-2023-52861
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference whe...
Astro's duplicate trailing slash feature leads to an open redirection security issue
Summary: There is an Open Redirection vulnerability in the trailing slash redirection logic when handling paths with double slashes. This allows an attacker to redirect users to arbitrary external domains by crafting URLs such as https://mydomain.com//malicious-site.com/. This increases the risk o...
drm/tegra: Fix a possible null pointer dereference
...
drm/scheduler: signal scheduled fence when kill job
...
Fedora 42 : webkitgtk (2025-61ca72f430)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-61ca72f430 advisory. Update to 2.48.5. Changes since 2.48.3: Improve emoji font selection. Improve playback of multimedia streams from blob URLs. Fix crash when using a...
The vulnerability of the web page rendering module in WebKit operating systems for macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS allows attackers to trigger a service failure.
The vulnerability of the web page rendering module in WebKit operating systems such as macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the web page rendering module in WebKit operating systems such as macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS allows attackers to trigger a service failure.
The vulnerability of the web page rendering module in WebKit operating systems such as macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruption...
The vulnerability of the web page rendering module in WebKit operating systems such as macOS, iPadOS, visionOS, iOS, watchOS, and tvOS allows attackers to trigger a service failure.
The vulnerability of the web page rendering module in WebKit operating systems such as macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS is related to unlimited resource allocation. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the web page rendering module in WebKit operating systems for macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS allows attackers to trigger a service failure.
The vulnerability of the web page rendering module in WebKit operating systems such as macOS, iPadOS, VisionOS, iOS, WatchOS, and tvOS is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruption...
[SECURITY] Fedora 42 Update: poppler-25.02.0-2.fc42
poppler is a PDF rendering library...
GHSA-RRFF-CHJ9-W4C7 Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
Apache JSPWiki Cross-Site Scripting (XSS) Vulnerability via Header Link Rendering
A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
SUSE CVE-2025-38355
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Process deferred GGTT node removals on device unwind While we are indirectly draining our dedicated workqueue ggtt-wq that we use to complete asynchronous removal of some GGTT nodes, this happens as part of the managed-d...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of markdown images with arbitrary URLs. An attacker can obtain the IP address, browser User-Agent, and potentially other request-specific information of users by embedding image URLs that are...
RLSA-2025:7387 Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-44192 webkitgtk: A malicious website may exfiltrate data cross-origin CVE-2024-54467...
CVE-2025-38436
In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If application A's job depends on a...