Important: kernel-livepatch-6.12.83-111.159

Issue Overview: PinTheft is a Linux local privilege escalation exploit for an RDS zerocopy double-free that can be turned into a page-cache overwrite through iouring fixed buffers. Affected Packages: kernel-livepatch-6.12.83-111.159 Issue Correction: Please ensure you have live patching enabled...

PT-2025-29437 · Avid · Avid Nexis Pro+ +2

Name of the Vulnerable Software and Affected Versions: Avid NEXIS E-series versions prior to 2025.5.1 Avid NEXIS F-series versions prior to 2025.5.1 Avid NEXIS PRO+ versions prior to 2025.5.1 System Director Appliance SDA+ versions prior to 2025.5.1 Description: The application is susceptible to ...

Medium: libblockdev

Issue Overview: LPE from allowactive to root in libblockdev via udisks CVE-2025-6019 Affected Packages: libblockdev Issue Correction: Run dnf update libblockdev --releasever 2023.7.20250623 to update your system. New Packages: aarch64: libblockdev-fs-debuginfo-3.2.1-1.amzn2023.0.3.aarch64 ...

Medium: golang

Issue Overview: A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". When exploited, this vulnerability...

Important: dotnet8.0

Issue Overview: Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. CVE-2025-24070 Affected Packages: dotnet8.0 Issue Correction: Run dnf update dotnet8.0 --releasever 2023.7.20250331 to update your system. New Packages: aarch6...

Important: emacs

Issue Overview: A flaw was found in the Emacs text editor. Improper handling of custom "man" URI schemes allows attackers to execute arbitrary shell commands by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. CVE-2025-1244 Affected Packages: emacs Issue...

PT-2025-4246 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: A difficult to exploit issue allows a high privileged attacker with logon to the infrastructure where MySQL Server...

Important: nodejs20

Issue Overview: NOTE: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases/ CVE-2024-27982 An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data i...

Medium: kernel

Issue Overview: An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfssetea in fs/ntfs3/xattr.c. CVE-2022-48502 A side channel vulnerability on some of the AMD CPUs may allow a...

Medium: libtiff

Issue Overview: loadImage in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. CVE-2023-26965 Affected Packages: libtiff Issue Correction: Run dnf update libtiff --releasever 2023.1.20230725 or dnf update --advisory ALAS2023-2023-271 --releasever...

Low: python3.11

Issue Overview: No CVE associated with this advisory Affected Packages: python3.11 Issue Correction: Run dnf update python3.11 --releasever 2023.1.20230719 or dnf update --advisory ALAS2023-2023-252 --releasever 2023.1.20230719 to update your system. More information on how to update your system...

Medium: glib2

Issue Overview: The upstream bug report describes this issue as follows: A vulnerability was found in GLib2.0, where DoS caused by handling a malicious text-form variant which is structured to cause looping superlinear to its text size. Applications are at risk if they parse untrusted text-form...

Medium: wayland

Issue Overview: An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer...

Medium: bind

Issue Overview: A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a...

Solaris 9 (sparc) : 117455-01

SunOS 5.9: in.rwhod Patch. Date this patch was last updated by Sun : Nov/01/04 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Solaris 2.5.1 (sparc) : 111916-01

SunOS 5.5.1: telmod could panic the system. Date this patch was last updated by Sun : Sep/24/01 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...

FreeBSD-SA-96:09.vfsload

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-96:09 Security Advisory Revised: Wed May 22 00:20:09 PDT 1996 FreeBSD, Inc. Topic: unauthorized access via mountunion / mountmsdos vfsload Category: core Module: libc...