8850 matches found
Important: nvidia-modprobe
Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...
Important: cuda-13-1
Issue Overview: NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lea...
Important: nvidia-xconfig
Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of servic...
Important: cuda
Issue Overview: NVIDIA Nsight Systems contains a vulnerability in the gfxhotspot recipe, where an attacker could cause an OS command injection by supplying a malicious string to the processnsysrepcli.py script if the script is invoked manually. A successful exploit of this vulnerability might lea...
Medium: ecs-init
Issue Overview: The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content. CVE-2025-47911 The html.Parse function in golang.org/x/net/html has an...
Important: protobuf
Issue Overview: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict in Python, where the maxrecursiondepth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling logic, an...
Medium: firefox
Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...
Important: python3.13-wheel
Issue Overview: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename...
Medium: rsync
Issue Overview: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. CVE-2025-101...
Important: nodejs20
Issue Overview: Bypass File System Permissions using crafted symlinks CVE-2025-55130 A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated...
Low: libxml2
Issue Overview: A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during...
Medium: oci-add-hooks
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: containerd
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: soci-snapshotter
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: python-pip
Issue Overview: urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage an...
Important: gimp
Issue Overview: GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious...
Important: docker
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Medium: ecs-init
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: oci-add-hooks
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: containerd
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: mariadb1011
Issue Overview: A flaw was found in MariaDB. This vulnerability allows remote attackers to execute arbitrary code on affected installations via improper validation of a user-supplied path prior to using it in file operations in the mariadb-dump utility, requiring user interaction. CVE-2025-13699...
Medium: nerdctl
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Medium: cni-plugins
Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...
Important: ecs-service-connect-agent
Issue Overview: There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix NULL dereference on q-elevator in blkmqelvswitchnone CVE-2023-53292 In the Linux kernel, the following vulnerability has been resolved: block: fix race between setblocksize and read paths CVE-2025-3807...
Medium: cups
Issue Overview: A client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. CVE-2025-58436 A user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. The...
Medium: docker
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Medium: runfinch-finch
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksmmadvise CVE-2025-40040...
Medium: containerd
Issue Overview: containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
Important: libsoup3
Issue Overview: A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could...
Medium: python-ldap
Issue Overview: python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars can be tricked to skip escaping of special characters when a crafted list or dict is supplied as the assertionvalue...
Medium: cups-filters
Issue Overview: CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and...
Important: firefox
Issue Overview: A heap buffer over-read vulnerability exists in libpng's pngdoquantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palettelookup array bounds are not validated against externally-supplied image data, allowing an attacker to craf...
Important: firefox
Issue Overview: Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...
Important: docker
Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...
Important: xmlunit
Issue Overview: XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet used for an XSLT transformation, because XSLT extension functions are enabled. CVE-2024-31573 Affected Packages: xmlunit Issue Correction: Run dnf update xmlunit...
Medium: java-1.8.0-openjdk
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...
Important: nvidia-kmod-common
Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. CVE-2025-23280...
Important: nvlink5-580
Issue Overview: NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. CVE-2025-23280...
Low: runc
Issue Overview: No CVE associated with this advisory Affected Packages: runc Issue Correction: Run dnf update runc --releasever 2023.9.20251105 or dnf update --advisory ALAS2023-2025-1263 --releasever 2023.9.20251105 to update your system. More information on how to update your system can be foun...
Low: runc
Issue Overview: No CVE associated with this advisory Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Docker Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
Important: squid
Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. . This potentially allows a remote client to identify security tokens or credentials used internally by a web...
Medium: libxslt
Issue Overview: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash. CVE-2025-10911 Affected Packages: libxslt Issue Correction: Run dnf update libxslt --releasever 2023.9.20251027 or dnf update...
Medium: samba
Issue Overview: A flaw was found in Samba, in the vfsstreamsxattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure...
Critical: dotnet9.0
Issue Overview: Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally. CVE-2025-55247 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a...
Important: ghostscript
Issue Overview: Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c. CVE-2025-59798 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmarkcoercedest in devices/vector/gdevpdfm.c via a large size value...
Important: gimp
Issue Overview: ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10922 Affected Packages: gimp Note: This advisory is applicable to Amazon Linux 2 - Gimp Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ...
Medium: cups
Issue Overview: A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in th...
Medium: cuda-nvdisasm-12-9
Issue Overview: NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability might lead to information disclosure or denial of service. CVE-2025-23272 Affected Packages:...