February Linux Patch Wednesday. There are 561 vulnerabilities in total. 338 in Linux Kernel. Formally, there is one vulnerability with a sign of exploitation in the wild: RCE – 7-Zip (CVE-2025-0411). But it is about Windows MoTW and, naturally, is not exploitable on Linux.

There are public exploits for 21 vulnerabilities.

Among them there are 5 Cacti vulnerabilities:

RCE – Cacti (CVE-2025-24367)
Command Injection – Cacti (CVE-2025-22604)
SQLi – Cacti (CVE-2024-54145, CVE-2025-24368)
Path Traversal – Cacti (CVE-2024-45598)

2 OpenSSH vulnerabilities discovered by Qualys:

DoS – OpenSSH (CVE-2025-26466)
Spoofing/MiTM – OpenSSH (CVE-2025-26465)

Of the rest, the most interesting are:

RCE – Langchain (CVE-2023-39631), Snapcast (CVE-2023-36177), Checkmk (CVE-2024-13723),
EoP – Linux Kernel (CVE-2024-50066)
SQLi – PostgreSQL (CVE-2025-1094)
XSS – Checkmk (CVE-2024-13722), Thunderbird (CVE-2025-1015)

Full Vulristics report

На русском

January Linux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits.

RCE – Apache Tomcat (CVE-2024-56337). Based on the description, the vulnerability affects “case-insensitive file systems” like Windows or MacOS. However, Debian lists it as affecting tomcat9 and tomcat10. Either this is about rare case-insensitive Linux installations or there is an error in the description.
RCE – Chromium (CVE-2025-0291). According to the FSTEC BDU, a public exploit exists.
RCE – 7-Zip (CVE-2024-11477). What’s in the public is not an exploit, but a write-up.
Memory Corruption – Theora (CVE-2024-56431). It’s not clear yet how to exploit this.
Memory Corruption – Telegram (CVE-2021-31320, CVE-2021-31319, CVE-2021-31315, CVE-2021-31318, CVE-2021-31322). Ubuntu fixed these vulnerabilities in the rlottie library package.

Full Vulristics report

На русском

December Linux Patch Wednesday. There are 316 vulnerabilities in total. Compared to November LPW – much better. 119 are in Linux Kernel.

Two vulnerabilities with signs of exploitation in the wild. Both in Safari:

RCE – Safari (CVE-2024-44308)
XSS – Safari (CVE-2024-44309)

These vulnerabilities are fixed not in Safari, but in packages of the WebKit browser engine.

There are no signs of exploitation in the wild for 19 vulnerabilities yet, but there are public exploits. The following can be highlighted:

RCE – Moodle (CVE-2024-43425). First fix in the Linux vendor repository appeared on 2024-11-21 (RedOS)
Command Injection – Grafana (CVE-2024-9264)
Command Injection – virtualenv (CVE-2024-53899)
SQLi – Zabbix (CVE-2024-42327)
Data Leakage – Apache Tomcat (CVE-2024-52317)

Vulristics December Linux Patch Wednesday Report

I released Vulristics 1.0.9 with improved detection of vulnerable software based on CVE description.

На русском

November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy.

2 vulnerabilities in Chromium with signs of exploitation in the wild:

Security Feature Bypass – Chromium (CVE-2024-10229)
Memory Corruption – Chromium (CVE-2024-10230, CVE-2024-10231)

There are no signs of exploitation in the wild for 27 vulnerabilities yet, but there are public exploits. Of these, I would draw attention to:

Remote Code Execution – PyTorch (CVE-2024-48063)
Remote Code Execution – OpenRefine Butterfly (CVE-2024-47883) – “web application framework”
Code Injection – OpenRefine tool (CVE-2024-47881)
Command Injection – Eclipse Jetty (CVE-2024-6763)
Memory Corruption – pure-ftpd (CVE-2024-48208)

Vulristics November Linux Patch Wednesday Report

На русском