Report Name: Linux Patch Wednesday October 2025
Generated: 2025-10-17 15:26:13

Product Name	Prevalence	U	C	H	M	L	A	Comment
Active Directory	0.9			1			1	Active Directory is a directory service developed by Microsoft for Windows domain networks
Django	0.9			1	2		3	Django is a high-level Python web framework that encourages rapid development and clean, pragmatic design. It provides built-in tools for database models, authentication, URL routing, templates, and security features, making it one of the most widely used frameworks for building scalable and maintainable web applications.
Linux Kernel	0.9			3	227	316	546	The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Windows Kernel	0.9			1			1	Windows Kernel
WordPress	0.9				2		2	WordPress is a widely-used open source content management system (CMS) for building websites and blogs. It provides a plugin and theme architecture and is written in PHP, typically paired with MySQL/MariaDB for storage.
nghttp2	0.9				1		1	nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
.NET Core	0.8			1			1	.NET Core
.NET Framework	0.8				1		1	.NET Framework
ASP.NET	0.8			1	1		2	An open-source, server-side web-application framework designed for web development
Binutils	0.8			8			8	The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Chromium	0.8			1	2		3	Chromium is a free and open-source web browser project, mainly developed and maintained by Google
FreeIPA	0.8		1				1	FreeIPA is a free and open source identity management system
GNOME desktop	0.8				1		1	GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
Mozilla Firefox	0.8			3	4		7	Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
OpenSSH	0.8			1	1		2	OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
OpenSSL	0.8				5		5	A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
PHP	0.8		1				1	PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
Safari	0.8			1	4		5	Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Zabbix	0.8				1	1	2	Zabbix is an open-source software tool to monitor IT infrastructure such as networks, servers, virtual machines, and cloud services
libxslt	0.8				2		2	ibxslt is the XSLT C library developed for the GNOME project
.NET	0.7					1	1	.NET
Asterisk	0.7			1			1	Asterisk is a free and open source framework for building communications applications and is sponsored by Sangoma
Open Asset Import Library Assimp	0.7			3			3	Open Asset Import Library is a library that loads various 3D file formats into a shared, in-memory format
Oracle VM VirtualBox	0.7			1	2		3	Oracle VM VirtualBox is a hosted hypervisor for x86 virtualization developed by Oracle Corporation
QEMU	0.7				1		1	QEMU is a generic and open source machine & userspace emulator and virtualizer
VMware Tools	0.7		1				1	VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems
Canonical LXD	0.6				7		7	Canonical LXD is a system container and VM manager for Linux. LXD-UI is the web UI component of LXD that provides a browser-based interface for creating, managing and starting containers and instances.
Jenkins	0.6				1		1	Jenkins is an open source automation server. It helps automate the parts of software development related to building, testing, and deploying, facilitating continuous integration, and continuous delivery.
PyTorch	0.6				9	3	12	PyTorch is a machine learning library based on the Torch library, used for applications such as computer vision and natural language processing, originally developed by Meta AI and now part of the Linux Foundation umbrella
Python	0.6				2	2	4	Python is a high-level, general-purpose programming language
Redis	0.6		3	2			5	Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Wireshark	0.6				1		1	Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
7-Zip	0.5			2			2	7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives"
CXF	0.5			1			1	Product detected by a:apache:cxf (exists in CPE dict)
Candlepin	0.5				1		1	Product detected by a:candlepinproject:candlepin (exists in CPE dict)
Cassandra	0.5				1		1	Product detected by a:apache:cassandra (exists in CPE dict)
GPU Display Driver	0.5				1		1	Product detected by a:nvidia:gpu_display_driver (exists in CPE dict)
Go net/http	0.5			1			1	The Go standard library net/http package provides HTTP client and server primitives used by Go applications and many Go-based servers and containers. It includes routing (ServeMux), request handling, and helpers for building web services.
MapServer	0.5			1			1	Product detected by a:osgeo:mapserver (exists in CPE dict)
MuPDF	0.5				1		1	Product detected by a:artifex:mupdf (exists in CPE dict)
NGINX	0.5				1		1	Product detected by a:f5:nginx (exists in CPE dict)
NVIDIA CUDA Toolkit	0.5				10		10	The NVIDIA CUDA Toolkit provides a development environment for creating high-performance, GPU-accelerated applications
Open Babel	0.5			7			7	Open Babel is an open-source chemical toolbox for converting, analyzing and working with many molecular file formats. It provides a C/C++ library and command-line tools widely used in cheminformatics and computational chemistry workflows.
Squid	0.5			1			1	Product detected by a:squid-cache:squid (exists in CPE dict)
Suricata	0.5				1		1	Product detected by a:oisf:suricata (exists in CPE dict)
Tcpreplay	0.5			2			2	Product detected by a:broadcom:tcpreplay (exists in CPE dict)
ZooKeeper	0.5					1	1	Product detected by a:apache:zookeeper (exists in CPE dict)
authlib	0.5			1			1	Product detected by a:authlib:authlib (does NOT exist in CPE dict)
libssh	0.5				1		1	Product detected by a:libssh:libssh (exists in CPE dict)
ogre	0.5			1			1	Product detected by a:ogre3d:ogre (does NOT exist in CPE dict)
rack	0.5				4		4	Product detected by a:rack:rack (does NOT exist in CPE dict)
vim	0.5			1	2		3	Product detected by a:vim:vim (exists in CPE dict)
youtube-dl	0.5				1		1	youtube-dl is a free and open source software tool for downloading video and audio from YouTube and over 1,000 other video hosting websites
zabbix	0.5				1		1	Product detected by a:zabbix:zabbix (exists in CPE dict)
Keras	0.4				1		1	High-level neural networks API, running on top of TensorFlow, allowing model building and training
tar-fs	0.4				1		1	Filesystem bindings for tar-stream that allow you to pack directories into tarballs and extract tarballs into directories
Artifex Ghostscript	0.3				3		3	Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
JOSE	0.3				2		2	JavaScript module for JSON Object Signing and Encryption (JOSE)
Unknown Product	0				31	84	115	Unknown Product

Vulnerability Type	Criticality	U	C	H	M	L	A
Remote Code Execution	1.0		2	8	18		28
Authentication Bypass	0.98			3	7		10
Code Injection	0.97		1	2			3
Command Injection	0.97		1		1		2
Security Feature Bypass	0.9			5	4		9
Elevation of Privilege	0.85		2	1	2		5
Arbitrary File Reading	0.83				2		2
Information Disclosure	0.83			1	6		7
Cross Site Scripting	0.8				4		4
Denial of Service	0.7			4	44	2	50
Path Traversal	0.7				3		3
Incorrect Calculation	0.5				14		14
Memory Corruption	0.5			23	228	13	264
Unknown Vulnerability Type	0				7	393	400

Source	U	C	H	M	L	A
almalinux		2	1	6		9
altlinux		6	1	9	12	28
debian		5	40	308	390	743
oraclelinux		3	3	9	4	19
redhat		2	6	12	1	21
redos			5	20	1	26
ubuntu		1	3	19	13	36

Urgent (0)

Critical (6)

1. Elevation of Privilege - VMware Tools (CVE-2025-41244) - Critical [780]

Description: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

almalinux: CVE-2025-41244 was patched at 2025-10-07

altlinux: CVE-2025-41244 was patched at 2025-10-02

debian: CVE-2025-41244 was patched at 2025-09-30, 2025-10-15

oraclelinux: CVE-2025-41244 was patched at 2025-10-07

redhat: CVE-2025-41244 was patched at 2025-10-07

ubuntu: CVE-2025-41244 was patched at 2025-09-29

2. Command Injection - PHP (CVE-2024-3566) - Critical [735]

Description: A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.

altlinux: CVE-2024-3566 was patched at 2025-10-14

3. Remote Code Execution - Redis (CVE-2025-46817) - Critical [707]

Description: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

altlinux: CVE-2025-46817 was patched at 2025-10-13, 2025-10-15

debian: CVE-2025-46817 was patched at 2025-10-08, 2025-10-09, 2025-10-15

4. Remote Code Execution - Redis (CVE-2025-49844) - Critical [707]

Description: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

altlinux: CVE-2025-49844 was patched at 2025-10-13, 2025-10-15

debian: CVE-2025-49844 was patched at 2025-10-08, 2025-10-09, 2025-10-15

oraclelinux: CVE-2025-49844 was patched at 2025-10-08

5. Code Injection - Redis (CVE-2025-46818) - Critical [666]

Description: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

altlinux: CVE-2025-46818 was patched at 2025-10-13, 2025-10-15

debian: CVE-2025-46818 was patched at 2025-10-08, 2025-10-09, 2025-10-15

6. Elevation of Privilege - FreeIPA (CVE-2025-7493) - Critical [618]

Description: A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

almalinux: CVE-2025-7493 was patched at 2025-10-01

altlinux: CVE-2025-7493 was patched at 2025-10-15

debian: CVE-2025-7493 was patched at 2025-10-15

oraclelinux: CVE-2025-7493 was patched at 2025-10-01, 2025-10-02

redhat: CVE-2025-7493 was patched at 2025-09-30, 2025-10-01, 2025-10-09

High (47)

7. Authentication Bypass - Oracle VM VirtualBox (CVE-2025-30712) - High [589]

Description: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).

redos: CVE-2025-30712 was patched at 2025-09-24

8. Code Injection - MapServer (CVE-2025-59431) - High [589]

Description: MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipulate backend database queries. This vulnerability is fixed in 8.4.1.

debian: CVE-2025-59431 was patched at 2025-09-25

9. Elevation of Privilege - Asterisk (CVE-2025-1131) - High [577]

Description: A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

debian: CVE-2025-1131 was patched at 2025-09-25, 2025-10-10

10. Remote Code Execution - OpenSSH (CVE-2025-61984) - High [561]

Description: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)

debian: CVE-2025-61984 was patched at 2025-10-15

11. Security Feature Bypass - authlib (CVE-2025-59420) - High [541]

Description: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.

debian: CVE-2025-59420 was patched at 2025-09-25

12. Memory Corruption - Binutils (CVE-2025-11082) - High [520]

Description: A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

debian: CVE-2025-11082 was patched at 2025-10-15

13. Memory Corruption - Binutils (CVE-2025-11083) - High [520]

Description: A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

debian: CVE-2025-11083 was patched at 2025-10-15

14. Denial of Service - Tcpreplay (CVE-2025-51005) - High [517]

Description: A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at do_checksum_math_liveplay in tcpliveplay.c, leading to a possible denial of service.

debian: CVE-2025-51005 was patched at 2025-09-25

15. Denial of Service - Tcpreplay (CVE-2025-51006) - High [517]

Description: Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption.

debian: CVE-2025-51006 was patched at 2025-09-25

16. Denial of Service - Open Asset Import Library Assimp (CVE-2025-11274) - High [515]

Description: A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.

debian: CVE-2025-11274 was patched at 2025-10-15

17. Security Feature Bypass - Go net/http (CVE-2025-47910) - High [505]

Description: When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

redos: CVE-2025-47910 was patched at 2025-10-14

18. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-11275) - High [503]

Description: A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used.

debian: CVE-2025-11275 was patched at 2025-10-15

19. Memory Corruption - Open Asset Import Library Assimp (CVE-2025-11277) - High [503]

Description: A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited.

debian: CVE-2025-11277 was patched at 2025-10-15

20. Memory Corruption - Binutils (CVE-2025-11081) - High [496]

Description: A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.

debian: CVE-2025-11081 was patched at 2025-10-15

21. Memory Corruption - Binutils (CVE-2025-11412) - High [496]

Description: A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.

debian: CVE-2025-11412 was patched at 2025-10-15

22. Memory Corruption - Binutils (CVE-2025-11413) - High [496]

Description: A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

debian: CVE-2025-11413 was patched at 2025-10-15

23. Memory Corruption - Binutils (CVE-2025-11414) - High [496]

Description: A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.

debian: CVE-2025-11414 was patched at 2025-10-15

24. Memory Corruption - Binutils (CVE-2025-11494) - High [496]

Description: A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.

debian: CVE-2025-11494 was patched at 2025-10-15

25. Memory Corruption - Binutils (CVE-2025-11495) - High [496]

Description: A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

debian: CVE-2025-11495 was patched at 2025-10-15

26. Memory Corruption - vim (CVE-2025-9389) - High [491]

Description: A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

redos: CVE-2025-9389 was patched at 2025-10-07

27. Memory Corruption - Open Babel (CVE-2025-10995) - High [482]

Description: A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used.

debian: CVE-2025-10995 was patched at 2025-10-15

28. Memory Corruption - Open Babel (CVE-2025-10994) - High [470]

Description: A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.

debian: CVE-2025-10994 was patched at 2025-10-15

29. Memory Corruption - Open Babel (CVE-2025-10996) - High [470]

Description: A vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may be used.

debian: CVE-2025-10996 was patched at 2025-10-15

30. Memory Corruption - Open Babel (CVE-2025-10997) - High [470]

Description: A flaw has been found in Open Babel up to 3.1.1. Impacted is the function ChemKinFormat::CheckSpecies of the file /src/formats/chemkinformat.cpp. Executing manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.

debian: CVE-2025-10997 was patched at 2025-10-15

31. Remote Code Execution - 7-Zip (CVE-2025-11001) - High [464]

Description: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account.

debian: CVE-2025-11001 was patched at 2025-10-15

32. Remote Code Execution - 7-Zip (CVE-2025-11002) - High [464]

Description: 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account.

debian: CVE-2025-11002 was patched at 2025-10-15

33. Security Feature Bypass - Safari (CVE-2025-43342) - High [460]

Description: A correctness issue was addressed with improved checks. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

almalinux: CVE-2025-43342 was patched at 2025-10-13

debian: CVE-2025-43342 was patched at 2025-09-25

oraclelinux: CVE-2025-43342 was patched at 2025-10-13

redhat: CVE-2025-43342 was patched at 2025-10-09, 2025-10-13, 2025-10-15

ubuntu: CVE-2025-43342 was patched at 2025-10-09

34. Authentication Bypass - Active Directory (CVE-2025-11561) - High [455]

Description: A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.

debian: CVE-2025-11561 was patched at 2025-10-15

35. Memory Corruption - Linux Kernel (CVE-2025-39866) - High [453]

Description: In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1 ...... pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __mark_inode_dirty+0x124/0x418 lr : __mark_inode_dirty+0x118/0x418 sp : ffffffc08c9dbbc0 ........ Call trace: __mark_inode_dirty+0x124/0x418 generic_update_time+0x4c/0x60 file_modified+0xcc/0xd0 ext4_buffered_write_iter+0x58/0x124 ext4_file_write_iter+0x54/0x704 vfs_write+0x1c0/0x308 ksys_write+0x74/0x10c __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x114 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x40/0xe4 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x194/0x198 Root cause is: systemd-random-seed kworker ---------------------------------------------------------------------- ___mark_inode_dirty inode_switch_wbs_work_fn spin_lock(&inode->i_lock); inode_attach_wb locked_inode_to_wb_and_lock_list get inode->i_wb spin_unlock(&inode->i_lock); spin_lock(&wb->list_lock) spin_lock(&inode->i_lock) inode_io_list_move_locked spin_unlock(&wb->list_lock) spin_unlock(&inode->i_lock) spin_lock(&old_wb->list_lock) inode_do_switch_wbs spin_lock(&inode->i_lock) inode->i_wb = new_wb spin_unlock(&inode->i_lock) spin_unlock(&old_wb->list_lock) wb_put_many(old_wb, nr_switched) cgwb_release old wb released wb_wakeup_delayed() accesses wb, then trigger the use-after-free issue Fix this race condition by holding inode spinlock until wb_wakeup_delayed() finished.

debian: CVE-2025-39866 was patched at 2025-09-22, 2025-09-25, 2025-10-15

oraclelinux: CVE-2025-39866 was patched at 2025-10-06, 2025-10-14

36. Memory Corruption - Linux Kernel (CVE-2025-39913) - High [453]

Description: In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a SOCKMAP 3. Add a socket to the SOCKMAP 4. Activate fault injection 5. Send data less than cork_bytes At 5., the data is carried over to the next sendmsg() as it is smaller than the cork_bytes specified by bpf_msg_cork_bytes(). Then, tcp_bpf_send_verdict() tries to allocate psock->cork to hold the data, but this fails silently due to fault injection + __GFP_NOWARN. If the allocation fails, we need to revert the sk->sk_forward_alloc change done by sk_msg_alloc(). Let's call sk_msg_free() when tcp_bpf_send_verdict fails to allocate psock->cork. The "*copied" also needs to be updated such that a proper error can be returned to the caller, sendmsg. It fails to allocate psock->cork. Nothing has been corked so far, so this patch simply sets "*copied" to 0. [0]: WARNING: net/ipv4/af_inet.c:156 at inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156, CPU#1: syz-executor/5983 Modules linked in: CPU: 1 UID: 0 PID: 5983 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 RIP: 0010:inet_sock_destruct+0x623/0x730 net/ipv4/af_inet.c:156 Code: 0f 0b 90 e9 62 fe ff ff e8 7a db b5 f7 90 0f 0b 90 e9 95 fe ff ff e8 6c db b5 f7 90 0f 0b 90 e9 bb fe ff ff e8 5e db b5 f7 90 <0f> 0b 90 e9 e1 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 9f fc RSP: 0018:ffffc90000a08b48 EFLAGS: 00010246 RAX: ffffffff8a09d0b2 RBX: dffffc0000000000 RCX: ffff888024a23c80 RDX: 0000000000000100 RSI: 0000000000000fff RDI: 0000000000000000 RBP: 0000000000000fff R08: ffff88807e07c627 R09: 1ffff1100fc0f8c4 R10: dffffc0000000000 R11: ffffed100fc0f8c5 R12: ffff88807e07c380 R13: dffffc0000000000 R14: ffff88807e07c60c R15: 1ffff1100fc0f872 FS: 00005555604c4500(0000) GS:ffff888125af1000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555604df5c8 CR3: 0000000032b06000 CR4: 00000000003526f0 Call Trace: <IRQ> __sk_destruct+0x86/0x660 net/core/sock.c:2339 rcu_do_batch kernel/rcu/tree.c:2605 [inline] rcu_core+0xca8/0x1770 kernel/rcu/tree.c:2861 handle_softirqs+0x286/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1052 </IRQ>

debian: CVE-2025-39913 was patched at 2025-10-15

37. Memory Corruption - Linux Kernel (CVE-2025-39946) - High [453]

Description: In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent connection stalls. Make sure that we abort the connection when we find out late that the record is actually invalid. Retrying the parsing is fine in itself but since we copy some more data each time before we parse we can overflow the allocated skb space. Constructing a scenario in which we're under pressure without enough data in the socket to parse the length upfront is quite hard. syzbot figured out a way to do this by serving us the header in small OOB sends, and then filling in the recvbuf with a large normal send. Make sure that tls_rx_msg_size() aborts strp, if we reach an invalid record there's really no way to recover.

debian: CVE-2025-39946 was patched at 2025-10-15

38. Memory Corruption - Open Babel (CVE-2025-10998) - High [446]

Description: A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used.

debian: CVE-2025-10998 was patched at 2025-10-15

39. Memory Corruption - Open Babel (CVE-2025-10999) - High [446]

Description: A vulnerability was found in Open Babel up to 3.1.1. The impacted element is the function CacaoFormat::SetHilderbrandt of the file /src/formats/cacaoformat.cpp. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been made public and could be used.

debian: CVE-2025-10999 was patched at 2025-10-15

40. Memory Corruption - Open Babel (CVE-2025-11000) - High [446]

Description: A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.

debian: CVE-2025-11000 was patched at 2025-10-15

41. Memory Corruption - Squid (CVE-2025-59362) - High [446]

Description: Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

debian: CVE-2025-59362 was patched at 2025-10-15

ubuntu: CVE-2025-59362 was patched at 2025-10-06

42. Memory Corruption - ogre (CVE-2025-11017) - High [446]

Description: A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a local position. The exploit is now public and may be used.

debian: CVE-2025-11017 was patched at 2025-10-15

43. Code Injection - Django (CVE-2025-59681) - High [442]

Description: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

debian: CVE-2025-59681 was patched at 2025-10-07, 2025-10-15

ubuntu: CVE-2025-59681 was patched at 2025-10-01

44. Remote Code Execution - ASP.NET (CVE-2025-36854) - High [442]

Description: A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use After Free https://cwe.mitre.org/data/definitions/416.html , Use After Free is when a product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.8, 9.0.0-preview.1.24081.5 <= 9.0.0.RC.1 as represented in CVE-2024-38229 https://www.cve.org/CVERecord . Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE: This CVE only represents End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.

redos: CVE-2025-36854 was patched at 2025-10-02

45. Remote Code Execution - Redis (CVE-2025-61765) - High [433]

Description: python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which the attacker previously gained access to the message queue that the servers use for internal communications. When Socket.IO servers are configured to use a message queue backend such as Redis for inter-server communication, messages sent between the servers are encoded using the `pickle` Python module. When a server receives one of these messages through the message queue, it assumes it is trusted and immediately deserializes it. The vulnerability stems from deserialization of messages using Python's `pickle.loads()` function. Having previously obtained access to the message queue, the attacker can send a python-socketio server a crafted pickle payload that executes arbitrary code during deserialization via Python's `__reduce__` method. This vulnerability only affects deployments with a compromised message queue. The attack can lead to the attacker executing random code in the context of, and with the privileges of a Socket.IO server process. Single-server systems that do not use a message queue, and multi-server systems with a secure message queue are not vulnerable. In addition to making sure standard security practices are followed in the deployment of the message queue, users of the python-socketio package can upgrade to version 5.14.0 or newer, which remove the `pickle` module and use the much safer JSON encoding for inter-server messaging.

debian: CVE-2025-61765 was patched at 2025-10-15

46. Remote Code Execution - Mozilla Firefox (CVE-2025-11714) - High [430]

Description: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

debian: CVE-2025-11714 was patched at 2025-10-15

redhat: CVE-2025-11714 was patched at 2025-10-15

47. Remote Code Execution - Mozilla Firefox (CVE-2025-11715) - High [419]

Description: Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

debian: CVE-2025-11715 was patched at 2025-10-15

redhat: CVE-2025-11715 was patched at 2025-10-15

48. Remote Code Execution - CXF (CVE-2025-48913) - High [416]

Description: If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.

redhat: CVE-2025-48913 was patched at 2025-10-02

49. Denial of Service - Redis (CVE-2025-46819) - High [415]

Description: Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

altlinux: CVE-2025-46819 was patched at 2025-10-13, 2025-10-15

debian: CVE-2025-46819 was patched at 2025-10-08, 2025-10-09, 2025-10-15

50. Security Feature Bypass - .NET Core (CVE-2025-55315) - High [413]

Description: Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

oraclelinux: CVE-2025-55315 was patched at 2025-10-16

redhat: CVE-2025-55315 was patched at 2025-10-15, 2025-10-16

51. Security Feature Bypass - Chromium (CVE-2025-10890) - High [413]

Description: Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10890 was patched at 2025-09-25

52. Information Disclosure - Mozilla Firefox (CVE-2025-11710) - High [412]

Description: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

debian: CVE-2025-11710 was patched at 2025-10-15

redhat: CVE-2025-11710 was patched at 2025-10-15

53. Authentication Bypass - Windows Kernel (CVE-2025-23277) - High [408]

Description: NVIDIA Display Driver for Linux and Windows contains a vulnerability in the kernel mode driver, where an attacker could access memory outside bounds permitted under normal use cases. A successful exploit of this vulnerability might lead to denial of service, data tampering, or information disclosure.

redos: CVE-2025-23277 was patched at 2025-09-25

Medium (340)

54. Remote Code Execution - youtube-dl (CVE-2025-54072) - Medium [392]

Description: yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the default placeholder (or {}), insufficient sanitization is applied to the expanded filepath, allowing for remote code execution. This is a bypass of the mitigation for CVE-2024-22423 where the default placeholder and {} were not covered by the new escaping rules. Windows users who are unable to upgrade should avoid using --exec altogether. Instead, the --write-info-json or --dump-json options could be used, with an external script or command line consuming the JSON output. This is fixed in version 2025.07.21.

altlinux: CVE-2025-54072 was patched at 2025-10-14

55. Arbitrary File Reading - Canonical LXD (CVE-2025-54293) - Medium [391]

Description: Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.

debian: CVE-2025-54293 was patched at 2025-10-15

56. Authentication Bypass - Candlepin (CVE-2023-1832) - Medium [389]

Description: An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

redos: CVE-2023-1832 was patched at 2025-10-06

57. Authentication Bypass - Python (CVE-2025-61783) - Medium [382]

Description: Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

debian: CVE-2025-61783 was patched at 2025-10-15

58. Cross Site Scripting - WordPress (CVE-2025-58674) - Medium [376]

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user privileges to execute the attack vector.This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.

debian: CVE-2025-58674 was patched at 2025-09-25

59. Information Disclosure - Safari (CVE-2025-43356) - Medium [376]

Description: The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.

almalinux: CVE-2025-43356 was patched at 2025-10-13

debian: CVE-2025-43356 was patched at 2025-09-25

oraclelinux: CVE-2025-43356 was patched at 2025-10-13

redhat: CVE-2025-43356 was patched at 2025-10-09, 2025-10-13, 2025-10-15

ubuntu: CVE-2025-43356 was patched at 2025-10-09

60. Denial of Service - Django (CVE-2025-27556) - Medium [370]

Description: An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.

altlinux: CVE-2025-27556 was patched at 2025-10-14

61. Command Injection - Canonical LXD (CVE-2025-54289) - Medium [368]

Description: Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format

debian: CVE-2025-54289 was patched at 2025-10-15

62. Denial of Service - OpenSSL (CVE-2025-9230) - Medium [365]

Description: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

altlinux: CVE-2025-9230 was patched at 2025-10-03

debian: CVE-2025-9230 was patched at 2025-10-01, 2025-10-15

ubuntu: CVE-2025-9230 was patched at 2025-09-30

63. Memory Corruption - Safari (CVE-2025-43343) - Medium [365]

Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 26, Safari 26, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.

debian: CVE-2025-43343 was patched at 2025-10-15

oraclelinux: CVE-2025-43343 was patched at 2025-10-16

redhat: CVE-2025-43343 was patched at 2025-10-15

64. Denial of Service - QEMU (CVE-2025-11234) - Medium [360]

Description: A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.

debian: CVE-2025-11234 was patched at 2025-10-15

65. Remote Code Execution - OpenSSH (CVE-2025-61985) - Medium [359]

Description: ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.

debian: CVE-2025-61985 was patched at 2025-10-15

66. Remote Code Execution - NVIDIA CUDA Toolkit (CVE-2025-23308) - Medium [357]

Description: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running nvdisasm.

debian: CVE-2025-23308 was patched at 2025-09-25

67. Remote Code Execution - NVIDIA CUDA Toolkit (CVE-2025-23339) - Medium [357]

Description: NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on a malicious ELF file. A successful exploit of this vulnerability may lead to arbitrary code execution at the privilege level of the user running cuobjdump.

debian: CVE-2025-23339 was patched at 2025-09-25

68. Remote Code Execution - Unknown Product (CVE-2025-54386) - Medium [357]

Description: {'nvd_cve_data_all': 'Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

altlinux: CVE-2025-54386 was patched at 2025-09-19

69. Remote Code Execution - Unknown Product (CVE-2025-61774) - Medium [357]

Description: {'nvd_cve_data_all': 'PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit (VTK). Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use`--extra-index-url`. But when `--extra-index-url` is used, pip always checks for the PyPI index first, and then the external index. One package listed in the code is not published in PyPI. If an attacker publishes a package with higher version in PyPI, the malicious code from the attacker controlled package may be pulled, leading to remote code execution and a supply chain attack. As of time of publication, a patched version is unavailable.', 'epss_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'PyVista provides 3D plotting and mesh analysis through an interface for the Visualization Toolkit (VTK). Version 0.46.3 of the PyVista Project is vulnerable to remote code execution via dependency confusion. Two pieces of code use`--extra-index-url`. But when `--extra-index-url` is used, pip always checks for the PyPI index first, and then the external index. One package listed in the code is not published in PyPI. If an attacker publishes a package with higher version in PyPI, the malicious code from the attacker controlled package may be pulled, leading to remote code execution and a supply chain attack. As of time of publication, a patched version is unavailable.', 'bdu_cve_data_all': '', 'custom_cve_data_all': '', 'combined_cve_data_all': ''}

debian: CVE-2025-61774 was patched at 2025-10-15

70. Information Disclosure - Canonical LXD (CVE-2025-54290) - Medium [355]

Description: Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints.

debian: CVE-2025-54290 was patched at 2025-10-15

71. Security Feature Bypass - Canonical LXD (CVE-2025-54286) - Medium [355]

Description: Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication.

debian: CVE-2025-54286 was patched at 2025-10-15

72. Elevation of Privilege - Cassandra (CVE-2025-26467) - Medium [354]

Description: Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on affected versions should review data access rules for potential breaches. This issue affects Apache Cassandra 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2, but this advisory is only for 4.0.16 because the fix to CVE-2025-23015 was incorrectly applied to 4.0.16, so that version is still affected. Users in the 4.0 series are recommended to upgrade to version 4.0.17 which fixes the issue. Users from 3.0, 3.11, 4.1 and 5.0 series should follow recommendation from CVE-2025-23015.

redos: CVE-2025-26467 was patched at 2025-09-23

73. Incorrect Calculation - Chromium (CVE-2025-10891) - Medium [353]

Description: Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10891 was patched at 2025-09-25

74. Incorrect Calculation - Chromium (CVE-2025-10892) - Medium [353]

Description: Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

debian: CVE-2025-10892 was patched at 2025-09-25

75. Memory Corruption - Mozilla Firefox (CVE-2025-11709) - Medium [353]

Description: A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

debian: CVE-2025-11709 was patched at 2025-10-15

redhat: CVE-2025-11709 was patched at 2025-10-15

76. Security Feature Bypass - .NET Framework (CVE-2025-55248) - Medium [353]

Description: Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

oraclelinux: CVE-2025-55248 was patched at 2025-10-16

redhat: CVE-2025-55248 was patched at 2025-10-15, 2025-10-16

77. Remote Code Execution - Keras (CVE-2025-9906) - Medium [352]

Description: The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .keras model archive that, when loaded via Model.load_model, will trigger arbitrary code to be executed. This is achieved by crafting a special config.json (a file within the .keras archive) that will invoke keras.config.enable_unsafe_deserialization() to disable safe mode. Once safe mode is disable, one can use the Lambda layer feature of keras, which allows arbitrary Python code in the form of pickled code. Both can appear in the same archive. Simply the keras.config.enable_unsafe_deserialization() needs to appear first in the archive and the Lambda with arbitrary code needs to be second.

debian: CVE-2025-9906 was patched at 2025-09-25

78. Denial of Service - rack (CVE-2025-61770) - Medium [351]

Description: Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing significant memory use and potential process termination due to out-of-memory (OOM) conditions. Remote attackers can trigger large transient memory spikes by including a long preamble in multipart/form-data requests. The impact scales with allowed request sizes and concurrency, potentially causing worker crashes or severe slowdown due to garbage collection. Versions 2.2.19, 3.1.17, and 3.2.2 enforce a preamble size limit (e.g., 16 KiB) or discard preamble data entirely. Workarounds include limiting total request body size at the proxy or web server level and monitoring memory and set per-process limits to prevent OOM conditions.

debian: CVE-2025-61770 was patched at 2025-10-15

79. Denial of Service - rack (CVE-2025-61772) - Medium [351]

Description: Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incoming bytes to memory without a size cap, allowing a remote attacker to exhaust memory and cause a denial of service (DoS). Attackers can send incomplete multipart headers to trigger high memory use, leading to process termination (OOM) or severe slowdown. The effect scales with request size limits and concurrency. All applications handling multipart uploads may be affected. Versions 2.2.19, 3.1.17, and 3.2.2 cap per-part header size (e.g., 64 KiB). As a workaround, restrict maximum request sizes at the proxy or web server layer (e.g., Nginx `client_max_body_size`).

debian: CVE-2025-61772 was patched at 2025-10-15

80. Security Feature Bypass - Suricata (CVE-2025-59147) - Medium [351]

Description: Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as 8.0.0, are vulnerable to detection bypass when crafted traffic sends multiple SYN packets with different sequence numbers within the same flow tuple, which can cause Suricata to fail to pick up the TCP session. In IDS mode this can lead to a detection and logging bypass. In IPS mode this will lead to the flow getting blocked. This issue is fixed in versions 7.0.12 and 8.0.1.

debian: CVE-2025-59147 was patched at 2025-10-15

81. Cross Site Scripting - Mozilla Firefox (CVE-2025-11712) - Medium [347]

Description: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

debian: CVE-2025-11712 was patched at 2025-10-15

redhat: CVE-2025-11712 was patched at 2025-10-15

82. Authentication Bypass - Canonical LXD (CVE-2025-54288) - Medium [346]

Description: Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers and obtain their metadata, configuration, and device information via spoofed process names in the command line.

debian: CVE-2025-54288 was patched at 2025-10-15

83. Arbitrary File Reading - Canonical LXD (CVE-2025-54287) - Medium [343]

Description: Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

debian: CVE-2025-54287 was patched at 2025-10-15

84. Denial of Service - OpenSSL (CVE-2025-9232) - Medium [341]

Description: Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

debian: CVE-2025-9232 was patched at 2025-10-01, 2025-10-15

ubuntu: CVE-2025-9232 was patched at 2025-09-30

85. Memory Corruption - Mozilla Firefox (CVE-2025-11708) - Medium [341]

Description: Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

debian: CVE-2025-11708 was patched at 2025-10-15

redhat: CVE-2025-11708 was patched at 2025-10-15

86. Security Feature Bypass - JOSE (CVE-2025-61920) - Medium [341]

Description: Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes. During verification, Authlib decodes and parses the full input before it is rejected, driving CPU and memory consumption to hostile levels and enabling denial of service. Version 1.6.5 patches the issue. Some temporary workarounds are available. Enforce input size limits before handing tokens to Authlib and/or use application-level throttling to reduce amplification risk.

debian: CVE-2025-61920 was patched at 2025-10-15

87. Information Disclosure - GPU Display Driver (CVE-2023-25517) - Medium [338]

Description: NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.

redos: CVE-2023-25517 was patched at 2025-09-25

88. Path Traversal - Django (CVE-2025-59682) - Medium [334]

Description: An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common prefix with the target directory.

debian: CVE-2025-59682 was patched at 2025-10-15

ubuntu: CVE-2025-59682 was patched at 2025-10-01

89. Authentication Bypass - JOSE (CVE-2025-61152) - Medium [332]

Description: python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims (e.g., is_admin=true) and bypass authentication checks, leading to privilege escalation or unauthorized access in applications that rely on python-jose for token validation. This issue is exploitable unless developers explicitly reject 'alg=none' tokens, which is not enforced by the library.

debian: CVE-2025-61152 was patched at 2025-10-15

90. Denial of Service - PyTorch (CVE-2025-55551) - Medium [332]

Description: An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.

debian: CVE-2025-55551 was patched at 2025-10-15

91. Denial of Service - PyTorch (CVE-2025-55553) - Medium [332]

Description: A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).

debian: CVE-2025-55553 was patched at 2025-10-15

92. Denial of Service - PyTorch (CVE-2025-55557) - Medium [332]

Description: A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).

debian: CVE-2025-55557 was patched at 2025-10-15

93. Denial of Service - PyTorch (CVE-2025-55558) - Medium [332]

Description: A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).

debian: CVE-2025-55558 was patched at 2025-10-15

94. Denial of Service - PyTorch (CVE-2025-55560) - Medium [332]

Description: An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

debian: CVE-2025-55560 was patched at 2025-10-15

95. Authentication Bypass - zabbix (CVE-2025-27231) - Medium [329]

Description: The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change.

debian: CVE-2025-27231 was patched at 2025-10-15

96. Denial of Service - libxslt (CVE-2025-10911) - Medium [329]

Description: A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.

debian: CVE-2025-10911 was patched at 2025-10-15

97. Memory Corruption - GNOME desktop (CVE-2025-11021) - Medium [329]

Description: A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.

almalinux: CVE-2025-11021 was patched at 2025-10-15

debian: CVE-2025-11021 was patched at 2025-10-15

98. Denial of Service - libssh (CVE-2023-3603) - Medium [327]

Description: A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.

redos: CVE-2023-3603 was patched at 2025-09-24

99. Denial of Service - rack (CVE-2025-59830) - Medium [327]

Description: Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18.