Tag Archives: Linux

March Linux Patch Wednesday

Leave a reply

March Linux Patch Wednesday

March Linux Patch Wednesday. In March, Linux vendors began addressing 575 vulnerabilities, which is 57 fewer than in February. Of these, 93 are in the Linux Kernel (⬇️ a significant decrease – there were 305 in February). There are two vulnerabilities with signs of in-the-wild exploitation:

🔻 RCE – Chromium (CVE-2026-3909, CVE-2026-3910)

Additionally, for 130 (❗️) vulnerabilities, public exploits are available or there are indications of their existence. Notable ones include:

🔸 RCE – Caddy (CVE-2026-27590), NLTK (CVE-2025-14009), Rollup (CVE-2026-27606), GVfs (CVE-2026-28296), SPIP (CVE-2026-27475), OpenStack Vitrage (CVE-2026-28370)
🔸 AuthBypass – Curl (CVE-2026-3783), coTURN (CVE-2026-27624), Libsoup (CVE-2026-3099)
🔸 InfDisc – Glances (CVE-2026-30928, CVE-2026-32596)
🔸 PathTrav – gSOAP (CVE-2019-25355), basic-ftp (CVE-2026-27699)
🔸 EoP – Snapd (CVE-2026-3888), GNU Inetutils (CVE-2026-28372)
🔸 SFB – Caddy (CVE-2026-27585, CVE-2026-27587/88/89), Keycloak (CVE-2026-1529), PyJWT (CVE-2026-32597), Authlib (CVE-2026-27962, CVE-2026-28498, CVE-2026-28802)
🔸 CodeInj – lxml_html_clean (CVE-2026-28350), ormar (CVE-2026-26198)
🔸 SSRF – Libsoup (CVE-2026-3632)

🗒 Full Vulristics report

February Linux Patch Wednesday

Leave a reply

February Linux Patch Wednesday

February Linux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities – 1.5× fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation:

🔻 RCE – Chromium (CVE-2026-2441)
🔻 InfDisc – MongoDB “MongoBleed” (CVE-2025-14847)

Public exploits are available or suspected for 56 more vulnerabilities. Notable ones include:

🔸 RCE – OpenSSL (CVE-2025-15467, CVE-2025-69421, CVE-2025-11187), pgAdmin (CVE-2025-12762, CVE-2025-13780), DiskCache (CVE-2025-69872), PyTorch (CVE-2026-24747), Wheel (CVE-2026-24049)
🔸 AuthBypass – M/Monit (CVE-2020-36968)
🔸 EoP – Grafana (CVE-2025-41115, CVE-2026-21721), M/Monit (CVE-2020-36969)
🔸 AFR – Proxmox Virtual Environment (CVE-2024-21545)
🔸 SFB – Chromium (CVE-2026-1504), Roundcube (CVE-2026-25916)

🗒 Full Vulristics report

На русском

January Linux Patch Wednesday

Leave a reply

January Linux Patch Wednesday

January Linux Patch Wednesday. In January, Linux vendors started fixing 918 vulnerabilities, one and a half times more than in December. Of these, 616 are in the Linux Kernel. Three show signs of exploitation in the wild:

🔻 AuthBypass – GNU Inetutils (telnetd) (CVE-2026-24061)
🔻 RCE – Safari (CVE-2025-43529); fixed in Linux distributions in webkit packages
🔻 MemCor – Chromium (CVE-2025-14174)

Another 97 vulnerabilities have public exploits or signs of their existence. Key examples:

🔸 MemCor – libpng (CVE-2026-22695)
🔸 XSS – Roundcube (CVE-2025-68461)
🔸 RCE – expr-eval (CVE-2025-13204)
🔸 ComInj – cpp-httplib (CVE-2026-21428), httparty (CVE-2025-68696), Miniflux (CVE-2026-21885)
🔸 SQLi – parsl (CVE-2026-21892)
🔸 SFB – OWASP CRS (CVE-2026-21876), Authlib (CVE-2025-68158)
🔸 AFW – node-tar (CVE-2026-23745)
🔸 PathTrav – GNU Wget2 (CVE-2025-69194), Tar (CVE-2025-45582)

🗒 Full Vulristics Report

На русском

December Linux Patch Wednesday

Leave a reply

December Linux Patch Wednesday

December Linux Patch Wednesday. In December, Linux vendors began fixing 650 vulnerabilities, roughly the same as in November. Of these, 399 are in the Linux Kernel. No vulnerabilities with signs of in-the-wild exploitation were detected.

For 29 vulnerabilities, public exploits are available or there are indications of their existence. The following can be highlighted:

🔸 RCE – JupyterLab Extension Template (CVE-2024-39700), fontTools (CVE-2025-66034), Cacti (CVE-2025-66399), CUPS (CVE-2025-64524)
🔸 XXE – Apache Tika (CVE-2025-66516)
🔸 SQLi – phpPgAdmin (CVE-2025-60797, CVE-2025-60798)
🔸 AuthBypass – cpp-httplib (CVE-2025-66570)
🔸 OpenRedirect – Chromium (CVE-2024-13983)

🗒 Full Vulristics report

На русском

November Linux Patch Wednesday

Leave a reply

November Linux Patch Wednesday

November Linux Patch Wednesday. In November, Linux vendors began fixing 516 vulnerabilities, one and a half times fewer than in October. Of these, 232 are in the Linux Kernel. One vulnerability is exploited in the wild:

🔻 MemCor – Chromium (CVE-2025-13223). Added to CISA KEV on November 19.

For 64 more vulnerabilities, public or suspected exploits exist. Notable ones:

🔸 RCE – Samba (CVE-2025-10230), Apache Tomcat (CVE-2025-55752), NVIDIA Container Toolkit (CVE-2024-0132, CVE-2025-23359), Lasso (CVE-2025-47151), QuickJS (CVE-2025-62494), Keras (CVE-2025-9905)
🔸 SQLi – Django (CVE-2025-64459)
🔸 InfDisc – Webmin (CVE-2024-44762), Squid (CVE-2025-62168), BIND (CVE-2025-31133), QuickJS (CVE-2025-62492, CVE-2025-62493)
🔸 SFB – BIND (CVE-2025-40778)
🔸 AuthBypass – Webmin (CVE-2025-61541)
🔸 MemCor – Suricata (CVE-2025-59150)

🗒 Full Vulristics report

На русском

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

Leave a reply

November In the Trend of VM (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux

November “In the Trend of VM” (#21): vulnerabilities in Windows, SharePoint, Redis, XWiki, Zimbra Collaboration, and Linux. The usual monthly roundup. After several months, here’s a big one. 🔥

🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)

A total of nine vulnerabilities:

🔻 RCE – Windows Server Update Services (WSUS) (CVE-2025-59287)
🔻 RCE – Microsoft SharePoint “ToolShell” (CVE-2025-49704)
🔻 RCE – Windows LNK File (CVE-2025-9491)
🔻 EoP – Windows Remote Access Connection Manager (CVE-2025-59230)
🔻 EoP – Windows Agere Modem Driver (CVE-2025-24990)
🔻 RCE – Redis “RediShell” (CVE-2025-49844)
🔻 RCE – XWiki Platform (CVE-2025-24893)
🔻 XSS – Zimbra Collaboration (CVE-2025-27915)
🔻 EoP – Linux Kernel (CVE-2025-38001)

🟥 Trending Vulnerabilities Portal

На русском

About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability

Leave a reply

About Elevation of Privilege - Linux Kernel (CVE-2025-38001) vulnerability

About Elevation of Privilege – Linux Kernel (CVE-2025-38001) vulnerability. It affects the Linux HFSC network scheduler module. An authenticated attacker can exploit this flaw to gain root privileges.

⚙️ This vulnerability is from the June Linux Patch Wednesday. In the Vulristics report, it was no different from 354 other Linux Kernel vulnerabilities: the NVD provides a lengthy description that doesn’t clearly indicate the real-world impact of exploitation, and there is no CVSS vector. Classic. 🙄

🛠 About a month after the updates were released in Linux distributions, on July 11, a write-up and a public exploit for this vulnerability were published. In a demo video, a local attacker downloads and executes a binary,after which he obtains a root shell and reads the contents of /etc/shadow. The release of this exploit barely attracted attention on specialized media platforms. 🤷‍♂️

👾 So far, there are no reports of this flaw being exploited in the wild.

На русском