NIST Vulnerability Database
OS: Scientific
python: TLS handshake bypass (CVE-2023-40217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6885 SL7 srpm python-0:2.7.5-94.el7_9.src x86_64 python-0:2.7.5-94.el7_9.x86_64 i386 python-libs-0:2.7.5-94.el7_9.i686 - Scientific Linux Development Team |
plexus-archiver: Arbitrary File Creation in AbstractUnArchiver (CVE-2023-37460) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:6886 SL7 srpm plexus-archiver-0:2.4.2-6.el7_9.src noarch plexus-archiver-0:2.4.2-6.el7_9.noarch - Scientific Linux Development Team |
bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5691 SL7 srpm bind-32:9.11.4-26.P2.el7_9.15.src i386 bind-export-libs-32:9.11.4-26.P2.el7_9.15.i686 x86_64 bind-export-libs-32:9.11.4-26.P2.el7_9.15.x86_64 noarch bind-license-32:9.11.4-26.P2.el7_9.15.noarch - Scie [More...] |
libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218) --- This content is derived from https://access.redhat.com/errata/RHSA-2 023:5615 SL7 srpm libssh2-0:1.8.0-4.el7_9.1.src i386 libssh2-0:1.8.0-4.el7_9.1.i686 x86_64 libssh2-0:1.8.0-4.el7_9.1.x86_64 noarch libssh2-docs-0:1.8.0- 4.el7_9.1.noarch - Scientific Linux Development Team |
CVEMAP.ORG: Vulnerabilities & Exposures
OS: Debian LTS
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye, these problems have been fixed in version |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. |
A vulnerability has been discovered in the OpenJDK Java runtime, which may result in authorisation bypass or information disclosure. For Debian 11 bullseye, this problem has been fixed in version |
An issue has been found in asterisk, an Open Source Private Branch Exchange. CVE-2024-53566 |
OS: Arch
The package rsync before version 3.4.0-1 is vulnerable to multiple issues including arbitrary code execution, arbitrary file upload, information disclosure and privilege escalation. |
The package oath-toolkit before version 2.6.12-1 is vulnerable to privilege escalation. |
The package openssh before version 9.8p1-1 is vulnerable to authentication bypass. |
The package xz before version 5.6.1-2 is vulnerable to arbitrary code execution. |
OS: CentOS
Upstream details at : https://access.redhat.com/errata/RHSA-2024:1498 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:1486 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:1249 |
Upstream details at : https://access.redhat.com/errata/RHSA-2024:0957 |
Exploit-DB.com
OS: Slackware
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. |
New mariadb packages are available for Slackware 15.0 and -current to fix security issues. |
New curl packages are available for Slackware 15.0 and -current to fix security issues. |
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. |
OS: Ubuntu
GNU C Library could be made to crash or run programs if it received specially crafted input. |
Several security issues were fixed in Ruby. |
Several security issues were fixed in CKEditor. |
OpenJDK 23 could be made to expose sensitive information over the network. |
OS: Suse
* bsc#1236705 Cross-References: * CVE-2025-0938 |
* bsc#1236136 Cross-References: * CVE-2024-13176 |
* bsc#1236136 Cross-References: * CVE-2024-13176 |
* bsc#1236596 Cross-References: * CVE-2024-11187 |
OS: Mageia
A difficult to exploit vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be exploited by using APIs in the specified Component, |
Worker permission bypass via InternalWorker leak in diagnostics. (CVE-2025-23083) GOAWAY HTTP/2 frames cause memory leak outside heap. (CVE-2025-23085) References: |
GStreamer has an OOB-write in isomp4/qtdemux.c. (CVE-2024-47537) GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet. (CVE-2024-47538) GStreamer has an OOB-write in convert_to_s334_1a. (CVE-2024-47539) GStreamer uses uninitialized stack memory in Matroska/WebM demuxer. |
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. (CVE-2024-38875) An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before |
OS: Fedora
Updated to latest upstream (135.0) |
Fix CVE-2025-0781 |
Fix CVE-2025-0781 |
OS: Gentoo
Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution. |
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution. |
Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. |
A vulnerability has been discovered in Qt, where a buffer overflow can lead to denial of service. |
OS: Debian
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the stable distribution (bookworm), these problems have been fixed in |
Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. |
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. |
A vulnerability has been discovered in the OpenJDK Java runtime, which may result in authorisation bypass or information disclosure. For the stable distribution (bookworm), this problem has been fixed in |
NIST Vulnerability Database
OS: Redhat
An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, |
An update for bind is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. |
An update for libvpx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability |
OS: OpenSuse
OS: Rocky
Important: thunderbird security update |
Important: raptor2 security update |
Important: rsync security update |
Important: kernel-rt security update |