374 matches found
Important: amazon-ecr-credential-helper
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Medium: perl-YAML-LibYAML
Issue Overview: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified CVE-2025-40908 Affected Packages: perl-YAML-LibYAML Issue Correction: Run dnf update perl-YAML-LibYAML --releasever 2023.7.20250623 or dnf update --advisory ALAS2023-2025-1036...
Important: kernel-livepatch-5.10.234-225.917
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes CVE-2025-21991 Affected Packages: kernel-livepatch-5.10.234-225.917 Issue Correction: Please ensure you have live patching enabled. Run yum...
Medium: amazon-cloudwatch-agent
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Medium: perl-YAML-LibYAML
Issue Overview: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified CVE-2025-40908 Affected Packages: perl-YAML-LibYAML Issue Correction: Run dnf update perl-YAML-LibYAML --releasever 2023.7.20250623 to update your system. New Packages: aarch64: ...
Important: perl-CryptX
Issue Overview: Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328. CVE-2025-40914 Affected Packages: perl-CryptX Issue...
Medium: ghostscript
Issue Overview: gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext. CVE-2025-48708 Affected Packages: ghostscript Note: This advisory is applicable to Amazon Linux 2...
Medium: cuda-nvml-devel-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Important: kernel-livepatch-6.12.20-23.97
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir CVE-2025-37785 Affected Packages: kernel-livepatch-6.12.20-23.97 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: kernel-livepatch-6.12.22-27.96
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir CVE-2025-37785 Affected Packages: kernel-livepatch-6.12.22-27.96 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Medium: screen
Issue Overview: TTY Hijacking while Attaching to a Multiuser Session in the screen package Has potential to break some reattach use cases, but the specific use case was broken already before. screen in Debian not installed setuid or setgid DEBIANBUG: 1105191 Info:...
Medium: cuda-sandbox-devel-12-9
Issue Overview: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 In the Linux kernel, the following vulnerability has been resolved: Revert "smb: client: fix TCP timers deadlock after rmmod" CVE-2025-22077 In...
Advisory ROSA-SA-2025-2887
Software: ghostscript 9.27 OS: ROSA Virtualization 3.0 packageevrstring: ghostscript-9.27-16.0.1.rv30 CVE-ID: CVE-2020-27792 BDU-ID: 2023-09076 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the lp8000printpage function of the gdevlp8k.c component of the Ghostscript document processing software...
Important: perl-Mojolicious
Issue Overview: Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could...
Medium: postgresql15
Issue Overview: Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5...
Important: soci-snapshotter
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
PT-2025-22971 · Suse +1 · Suse Manager Server Module +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java versions 5.0.4.7.19.1 through 5.0.24-150600.3.25.1 SUSE Manager Server Module 4.3 versions prior to 4.3.85-150400.3.105.3 Description: A vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users'...
Debian: Security Advisory (DLA-4167-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-21795
Name of the Vulnerable Software and Affected Versions setuptools versions prior to 78.1.1 Description A path traversal vulnerability in PackageIndex was found in setuptools. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process...