INFOSEC – USERSPACE.ORG :

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: Debian

Debian Oldstable Keystone Important Access Issues Fixed DSA-6331-1

Multiple vulnerabilities were discovered in Keystone, the OpenStack identity service, which may result in authorisation bypass, privilege escalation, user impersonation or incomplete termination of access privileges. For the oldstable distribution (bookworm), these problems have been fixed

Debian Tomcat11 Moderate DDoS Bypass Sensitive Info Vuln DSA-6329-1

Multiple security vulnerabilities have been discovered in Tomcat 11, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing

Debian Tomcat10 Critical Denial Of Service Auth Bypass Vuln DSA-6328-1

Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing

Debian Request Tracker Important SQL Injection Risk DSA-6327-1

Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result privilege escalation, information disclosure, SQL injections, LDAP authentication bypass, cross-site scripting or spreadsheet (CSV/formula) injection. For the oldstable distribution (bookworm), these problems have been fixed

OS: Suse

openSUSE Nginx Important Heap Overflow Threat Vuln 2026-2307-1

An update that solves one vulnerability can now be installed.

SUSE Netty Important HTTP Smuggling Vulnern 2026-2308-1

An update that solves 12 vulnerabilities can now be installed.

SUSE Linux Enterprise Server Podofo Low Double-Free Vuln CVE-2026-44348

An update that solves one vulnerability can now be installed.

openSUSE Kernel Critical Security Updates SUSE-SU-2026-2310-1

An update that solves 22 vulnerabilities and has five security fixes can now be installed.

OS: CentOS

CentOS 7 CESA-2024-1498 Moderate Advisory: Thunderbird Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498

CentOS 7 CESA-2024-1486 Critical: Firefox Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486

CentOS 7 CESA-2024-1249 Important: Kernel Critical Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249

CentOS 7 CESA-2024-0957 Critical Thunderbird Security Update

Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957

OS: Fedora

Fedora 43 objfw Important Update 1.5.5 Bug Fixes June 2026

Update to 1.5.5, containing many bug fixes, some also security related.

Fedora 43 mingw-objfw 1.5.5 Update Security Fix FEDORA-2026-de23fedf3e

Update to 1.5.5, containing many bug fixes, some also security related.

Fedora 44 ObjFW Update Critical Bug Fix Advisory 2026-729e540d74

Update to 1.5.5, containing many bug fixes, some also security related.

Fedora 44 mingw-objfw 1.5.5 Security Bug Fix Update 2026-2aa17af701

Update to 1.5.5, containing many bug fixes, some also security related.

OS: Slackware

Slackware 15.0 Releases Key Patch for Critical RCE DoS Samba Flaw

New samba packages are available for Slackware 15.0 to fix security issues.

Slackware libinput Important Arbitrary Code Execution Fix 2026-155-02

New libinput packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware Dnsmasq Significant Heap Overwrite Patch SSA 2026-155-01

New dnsmasq packages are available for Slackware 15.0 and -current to fix a security issue.

Slackware 15.0 Net-tools Urgent Buffer Overflow Resolution 2026-154-02

New net-tools packages are available for Slackware 15.0 and -current to fix a security issue.

OS: Redhat

Red Hat: RHSA-2023-5538-01 Important: libvpx Heap Overflow and Crash

An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

Red Hat Enterprise Linux 8.2 RHSA-2023-5527 Important: Bind DoS Risk

An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Enterprise Linux 8.2 RHSA-2023-5534-01 Important: libvpx Issues

An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Important Advisory RHSA-2023-5539-01 for libvpx Crash and Heap Overflow

An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

NIST Vulnerability Database

CVE-2023-36409
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2023-36769
Microsoft OneNote Spoofing Vulnerability

CVE-2023-45556
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.

OS: OpenSuse

openSUSE Tumbleweed perl-CryptX Moderate CVE-2026-41565 Fix 2026-10968-1

An update that solves one vulnerability can now be installed.

openSUSE Tumbleweed amazon-ssm-agent Moderate Vuln Advisory 2026-10966-1

An update that solves 4 vulnerabilities can now be installed.

openSUSE Tumbleweed ack Moderate Security Issues 2026-10965-1

An update that solves 3 vulnerabilities can now be installed.

openSUSE Tumbleweed ggml-devel Moderate Security Issue CVE-2026-21869

An update that solves one vulnerability can now be installed.

OS: Scientific

Scientific Linux 7 SLSA-2023:6885 Critical: Python TLS Handshake Bypass

python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team

SciLinux: SLSA-2023:6886 Critical: Plexus-Archiver File Creation Risk

plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team

Scientific Linux 7 Advisory SLSA-2023:5691 Critical DoS in BIND

bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...]

Scientific Linux SLSA-2023:5615 Moderate Security Issue in libssh2

libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://sso.redhat.com/auth/realms/redhat-external/protocol/saml?SAMLRequest=fZJBT8MwDIX%2FSm85ZWk7yrZonVQxIU0ChDbgwAVlqccipUmJXTb49aQbg3Hh6jy%2F79nOFFVjW1l1tHVLeOsAKakQIZDx7so77BoIKwjvRsPj8qZkW6IWpRBKa0AcBKi3igbaN6L2O2e9qlH0nmJjnLLmE1hSEQWz7giOfsa9fhsuXA37kmUsmUdu1PfQXwSiP%2FdXMaMIoGyD4ljmsCcIESPa4Mlrbw9olizmJXvJ9WgMWmV8qMcTfpGNUq7WxZCvVTEe5dmoUJebKEXsYhAk5ahkeZoXPL3g6eQhHcqikGn2zJInCHhIlg9Sluwb61D2oJJ1wUmv0KB0qgGUpOWqur2RUSjVaY3nLe3%2FPac52Gzaq%2BUhXZh1zmwM1PxnxVNx%2Fjw9HvEu2i3m994a%2FZFU1vrdVVwXQckodPEO1z40iv4P0FdMzTcHqWz7wZHAEROzI%2FPvX5l9AQ%3D%3D&RelayState=https%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=BrJPc%2FvdbvszAnFEmxMHTWhWO5IJXnU8CNik001PBsM04yezeCS%2B0pETxgMIupFPsrxTbmD1oepOHhERcPL4Byk1qKkm6TtFvfXm74lB8Pui6rdjg%2B8IwVmrenuF4Ph3LD4ZnDeuNW3YO4dDbN5Q4%2F89FIjEkeGKeLLar10vtkiy8GweKEe8cuja3717pxNrVTOi8ckfBHwomdUD8Xw1IE6M1qHI4u6pOMtxqpKQPu%2FZzsAgrME854P7NQqtGaZRI3eqZlBRVyG2FYrR7KFC6QtA%2FdVCYBxBWG4JdxZhXmbM%2Fc%2Bn%2B04WEKPpbhH12qa7URkjktnYMsJNcVF7rtYtn1D6gCyPnuXrwe7qcV0MgnrfuqmW4FoGsGrjhFdp7Eebe40wh78VaLxxAxO9hR%2BrYRDgNjvtewICpUbzYQUm6jzVk3i%2FYjt5Pmr9HesI1zvaI80Jmpgud1snf1z7VWoIqnAXwIZyLlo%2BxyFZs4qDUBgFr9tqrgbnGjBgTzdyJTItq7yFMVJDCt6dy5LjnMgKSMd%2BjjsoDBjssytWMM4ulzlyQHtn4IdVgCe4q4jgLQrHXf4ZucbUIA6q%2Fxgg7favSO%2FZaivTQq%2BoaQQKJ1NXxPiMXw6j354mdaEtz8jK549xaCEZi2OiF3l8Qrzc%2B7JikRXQ8wlX1gh8SbiNHfo6ZcE%3D 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team

OS: Ubuntu

Ubuntu 20.04 18.04 Go Networking Critical Access USN-8416-1

Go Networking could allow unintended access to network services.

Ubuntu 26.04 LTS Lodash Critical Prototype Pollution Vuln USN-8411-1

Several security issues were fixed in Lodash.

Ubuntu GDK-PixBuf Critical JPEG Denial Of Service Vulnerability USN-8156-2

GDK-PixBuf could be made to crash or run programs if it opened a specially crafted file.

Ubuntu 26.04 LTS Nginx Critical Denial Of Service Regression Vuln 8398-2

USN-8398-1 introduced a regression in nginx

OS: Gentoo

Gentoo DTrace Arbitrary File Creation Normal Risk 202604-04

A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.

Gentoo FUSE Security Advisory Highlights Key Vulnerabilities GLSA 202604-03

Multiple vulnerabilities have been found in FUSE, the worst of which can lead to code execution.

Gentoo Commons-BeanUtils High Risk Arbitrary Code Exec GLSA 202601-05

A vulnerability has been discovered in Commons-BeanUtils, which can lead to execution of arbitrary code.

Gentoo Asterisk High Code Execution Risks GLSA-202601-04

Multiple vulnerabilities have been discovered in Asterisk, the worst of which can lead to arbitrary code execution.

OS: Debian LTS

Debian LTS openssl Important Use-After-Free NULL Pointer Issues DLA-4624-1

Several vulnerabilities have been discovered in OpenSSL, a Secure Socket Layer toolkit providing the SSL and TLS cryptographic protocols for secure communication over the Internet. CVE-2026-28387 An uncommon configuration of clients performing DANE TLSA-based server

Debian jackson-core High Severity Denial of Service Information Leak Fix

Two security vulnerabilities have been found in jackson-core, a fast and powerful JSON library for Java, which may allow an attacker to cause a denial of service by using deeply nested JSON data or disclose sensitive information by abusing a flaw in how certain exception messages are handled in jackson- core.

Debian 11 Glibc Critical Memory Management Issues DLA-4621-1

Several vulnerabilities have been discovered in the GNU C Library, the C standard library implementation used by Debian. CVE-2025-8058 posix: Fix double-free after allocation failure in regcomp The regcomp function in the GNU C library version from 2.4 to 2.41 is

Debian libxml2 Important Denial of Service Issues DLA-4622-1

Multiple security issues were found in libxml2, the GNOME XML library, which could lead to Denial of Service. CVE-2025-8732 Catalog parsing functions were missing cycle detection. When a catalog file contains a CATALOG directive pointing to itself,

OS: Arch

Fedora: 203105-8 moderate: ruby-on-rails sql injection vulnerability

The package python-django before version 5.1.11-1 is vulnerable to content spoofing.

Ubuntu: 303103-1 medium: gnome-terminal privilege escalation

The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution.

ArchLinux: ASA-202506-4 medium risk of go certificate bypass issue

The package go before version 1.24.4-1 is vulnerable to multiple issues including certificate verification bypass and information disclosure.

Arch Linux: ASA-202506-3 CVE-2025-0620 low: samba access issue

The package samba before version 4.22.2-1 is vulnerable to access restriction bypass.