Important: kernel-livepatch-6.18.16-18.222

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy CVE-2026-46300 Affected Packages: kernel-livepatch-6.18.16-18.222 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

Medium: ecs-service-connect-agent

Issue Overview: Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access or other malicious actions within the mesh. This issue arises due to Envoy's defaul...

Medium: cuda-documentation-12-9

Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...

Important: kernel-livepatch-5.10.242-239.961

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdiscdequeueinternal CVE-2025-39677 Affect...

Medium: coreutils

Issue Overview: A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash ...

Medium: gnuplot

Issue Overview: A flaw was found in GNUPlot. A segmentation fault via IOstrinitstaticinternal may jeopardize the environment. CVE-2025-3359 Affected Packages: gnuplot Issue Correction: Run dnf update gnuplot --releasever 2023.7.20250512 or dnf update --advisory ALAS2023-2025-960 --releasever...

Important: kernel-livepatch-5.10.234-225.921

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: clear aclaccess/acldefault after releasing them CVE-2025-21796 Affected Packages: kernel-livepatch-5.10.234-225.921 Issue Correction: Please ensure you have live patching enabled. Run yum update...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race CVE-2024-36971 Affected Packages: kernel Issue Correction: Run dnf update kernel --releasever 2023.5.20240722 or dnf update --advisory ALAS2023-2024-658 --releasever 2023.5.20240722...

Important: ghostscript

Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707754 CVE-2024-33871 Affected...

Low: clamav

Issue Overview: No CVE associated with this advisory Affected Packages: clamav Issue Correction: Run dnf update clamav --releasever 2023.4.20240513 or dnf update --advisory ALAS2023-2024-615 --releasever 2023.4.20240513 to update your system. More information on how to update your system can be...

Important: rust

Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: rust Issue Correction: Run dnf update rust --releasever 2023.4.20240319 or dnf update --advisory...

Important: dotnet6.0

Issue Overview: Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability CVE-2024-0056 NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability CVE-2024-0057 Microsoft Identity Denial of service vulnerability CVE-2024-21319...

Medium: ansible-core

Issue Overview: The upstream bug report describes this issue as follows: A flaw was found in Ansible, where a user's controller is vulnerable to template injection when internal templating operations may errantly remove the unsafe designation from template data. CVE-2023-5764 Affected Packages:...

Medium: python-urllib3

Issue Overview: urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and...

ROS-2-1584

2.1584 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

Design/Logic Flaw

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

Amazon Linux 2022 : cups, cups-client, cups-devel (ALAS2022-2022-108)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-108 advisory. An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as...

Medium: kernel-livepatch-4.14.276-211.499

Issue Overview: No CVE associated with this advisory Affected Packages: kernel-livepatch-4.14.276-211.499 Issue Correction: Please ensure you have live patching enabled. Run yum update kernel-livepatch-4.14.276-211.499 or yum update --advisory ALAS2LIVEPATCH-2022-091 to update your system. New...

ROS-2-1873

2.1873 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...