
374 matches found

Amazon
added 2025/03/26 12:0 a.m., 1 views

Medium: libsndfile

Issue Overview: libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read. CVE-2024-50612 Affected Packages: libsndfile Issue Correction: Run dnf update libsndfile --releasever 2023.6.20250317 to update your system. New Packages: aarch64: ...

CVSS 5.5 | AI score 6.8 | EPSS 0.00021
Exploits: 1

Amazon
added 2025/03/26 12:0 a.m., 4 views

Important: libxml2

Issue Overview: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML...

CVSS 7.8 | AI score 7.7 | EPSS 0.0266
Exploits: 3

Amazon
added 2025/03/26 12:0 a.m., 1 views

Important: kernel-livepatch-6.1.124-134.200

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts CVE-2025-21647 Affected Packages: kernel-livepatch-6.1.124-134.200 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 7.1 | AI score 6.4 | EPSS 0.00022
Exploits: 0

Amazon
added 2025/03/26 12:0 a.m., 4 views

Medium: libxslt

Issue Overview: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. CVE-2023-40403...

CVSS 6.5 | AI score 5.8 | EPSS 0.00126
Exploits: 0

Amazon
added 2025/03/17 12:0 a.m., 23 views

Important: libxml2

Issue Overview: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML...

CVSS 9.8 | AI score 8.3 | EPSS 0.0266
Exploits: 2

Amazon
added 2025/03/17 12:0 a.m., 39 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount CVE-2024-49960 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key CVE-2024-53179 In the Linux kernel,...

CVSS 7.8 | AI score 6.9 | EPSS 0.00032
Exploits: 0

Amazon
added 2025/03/06 12:0 a.m., 1 views

Medium: python3.11

Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means...

CVSS 7.8 | AI score 7.8 | EPSS 0.01639
Exploits: 0

Amazon
added 2025/03/06 12:0 a.m., 26 views

Medium: openssh

Issue Overview: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying...

CVSS 6.8 | AI score 7 | EPSS 0.64523
Exploits: 4

Amazon
added 2025/03/06 12:0 a.m., 1 views

Medium: jsoup

Issue Overview: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop...

CVSS 7.5 | AI score 6.6 | EPSS 0.04351
Exploits: 0

Amazon
added 2025/03/06 12:0 a.m., 1 views

Low: cups

Issue Overview: No CVE associated with this advisory Affected Packages: cups Issue Correction: Run dnf update cups --releasever 2023.6.20250303 or dnf update --advisory ALAS2023-2025-883 --releasever 2023.6.20250303 to update your system. More information on how to update your system can be found...

CVSS 7.5 | AI score 8.6 | EPSS 0.00148
Exploits: 4

Amazon
added 2025/03/06 12:0 a.m., 3 views

Important: libnvidia-container

Issue Overview: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution,...

CVSS 8.3 | AI score 7.3 | EPSS 0.03665
Exploits: 1

Amazon
added 2025/03/06 12:0 a.m., 4 views

Important: postgresql15

Issue Overview: Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral, PQescapeIdentifier, PQescapeString, and PQescapeStringConn allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the...

CVSS 8.1 | AI score 8.8 | EPSS 0.82364
Exploits: 10

Amazon
added 2025/03/06 12:0 a.m., 2 views

Low: ecs-init

Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...

CVSS 3.6 | AI score 6.8 | EPSS 0.0015
Exploits: 0

Amazon
added 2025/03/06 12:0 a.m., 1 views

Important: kernel-livepatch-5.10.230-223.885

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release CVE-2024-56631 Affected Packages: kernel-livepatch-5.10.230-223.885 Issue Correction: Please ensure you have live patching enabled. Run yum update...

CVSS 7.8 | AI score 6.6 | EPSS 0.00021
Exploits: 0

NVD
added 2025/03/04 7:15 p.m., 3 views

CVE-2025-1969

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process...

CVSS 5.3 | EPSS 0.00295
Exploits: 0 | References: 3

Amazon
added 2025/02/25 12:0 a.m., 46 views

Medium: vim

Issue Overview: Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the...

CVSS 4.2 | AI score 4.3 | EPSS 0.00104
Exploits: 0

Amazon
added 2025/02/21 12:0 a.m., 1 views

Medium: ghostscript

Issue Overview: PS interpreter - check Indexed colour space index NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707990 NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=85bd9d2f4b792fe67aef22f1a4117457461b8ba6 NOTE:...

CVSS 5.5 | AI score 6.9 | EPSS 0.00044
Exploits: 0

Amazon
added 2025/02/21 12:0 a.m., 2 views

Medium: ansible-core

Issue Overview: A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in...

CVSS 5.5 | AI score 6.4 | EPSS 0.00037
Exploits: 0

Citrix
added 2025/02/18 7:35 a.m., 12 views

Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223

Description of Problem Vulnerabilities have been discovered in Citrix Secure Access Client for Mac. Refer to below for further details: Affected Versions: The following supported versions of Citrix Secure Access Client for Mac are affected: Citrix Secure Access Client for Mac versions BEFORE...

CVSS 6.1 | AI score 7 | EPSS 0.00119
Exploits: 0

OpenVAS
added 2025/02/13 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2023:3391-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 9 | EPSS 0.0844
Exploits: 6 | References: 27