OS: Arch
The package rsync before version 3.4.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary file upload, information disclosure and privilege escalation. |
The package oath-toolkit before version 2.6.12-1 is vulnerable to privilege escalation. |
The package openssh before version 9.8p1-1 is vulnerable to authentication bypass. |
The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution. |
OS: Mageia
hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker positioned between hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail. (CVE-2025-24912) |
Vanilla upstream kernel version 6.6.83 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links. References: - https://bugs.mageia.org/show_bug.cgi?id=34115 |
Upstream kernel version 6.6.83 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. For information about the vulnerabilities see the links. |
xsltGetInheritedNsList in libxslt has a use-after-free issue related to exclusion of result prefixes (CVE-2024-55549). numbers.c in libxslt has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, |
OS: Ubuntu
zvbi could be made to crash or run programs if it received specially crafted input. |
Several security issues were fixed in NLTK. |
go-gh could be made to expose sensitive information over the network. |
PAM-PKCS#11 could be used to bypass authentication. |
OS: Gentoo
Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. |
Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution. |
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. |
OS: Debian LTS
Multiple vulnerabilities have been fixed in ruby-rack, an interface for developing web applications in Ruby. CVE-2025-25184 |
Two use-after-free vulnerabilities have been fixed in the XSLT processing library libxslt. CVE-2024-55549 |
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in HTTP request smuggling, validation bypass or denial of service. |
Multiple vulnerabilities were discovered in modules shipped with cpython 3.9, the primary interpreter for the Python programming language. |
NIST Vulnerability Database
OS: Suse
* bsc#1235475 * bsc#1237187 Cross-References: * CVE-2024-12747 |
* bsc#1234089 * bsc#1237335 Cross-References: * CVE-2024-29018 |
* bsc#1239547 Cross-References: * CVE-2025-24201 |
* bsc#1239664 * bsc#1239666 * bsc#1239667 * bsc#1239668 * bsc#1239669 |
OS: Fedora
Update to 134.0.6998.117 * Critical CVE-2025-2476: Use after free in Lens |
Update to 4.3.6 (rhbz#2352545) |
This is the monthly update for .NET for March 2025. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.14/8.0.114.md Runtime: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.14/8.0.14.md |
Update to 4.3.6 (rhbz#2352545) |
OS: OpenSuse
An update that fixes two vulnerabilities is now available. |
Exploit-DB.com
OS: Rocky
rhel-system-roles bug fix and enhancement update |
Important: postgresql:15 security update |
Important: postgresql:16 security update |
Important: nodejs:22 security update |
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
OS: Scientific
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team |
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team |
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...] |
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0-4.el7_9.1.noarch - Scientific Linux Development Team |
NIST Vulnerability Database
CVEMAP.ORG: Vulnerabilities & Exposures
OS: Slackware
New libarchive packages are available for Slackware 15.0 and -current to fix security issues. |
New freetype packages are available for Slackware 15.0 to fix a security issue. |
New php packages are available for Slackware 15.0 and -current to fix security issues. |
New expat packages are available for Slackware 15.0 and -current to fix a security issue. |
OS: Debian
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-44192 |
Ivan Fratric discovered two use-after-free vulnerabilities in libxslt, an XSLT processing runtime library, which may result in the execution of arbitrary code if specially crafted files are processed. |
A cross-site scripting vulnerability was discovered in hgweb, the integrated stand-alone web interface of the Mercurial version control system. |
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. |
OS: CentOS
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1498 |
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1486 |
Upstream details at: https://access.redhat.com/errata/RHSA-2024:1249 |
Upstream details at: https://access.redhat.com/errata/RHSA-2024:0957 |