A cross-site scripting vulnerability was discovered in hgweb, the
integrated stand-alone web interface of the Mercurial version control
system.
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
chromium-134.0.6998.117-1.fc41
FEDORA-2025-1afc565e2b
Packages in this update:
chromium-134.0.6998.117-1.fc41
Update description:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
chromium-134.0.6998.117-1.el10_1
FEDORA-EPEL-2025-ac7714f6e5
Packages in this update:
chromium-134.0.6998.117-1.el10_1
Update description:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
chromium-134.0.6998.117-1.fc40
FEDORA-2025-bee62eff98
Packages in this update:
chromium-134.0.6998.117-1.fc40
Update description:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
chromium-134.0.6998.117-1.fc42
FEDORA-2025-3ccee236a3
Packages in this update:
chromium-134.0.6998.117-1.fc42
Update description:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
chromium-134.0.6998.117-1.el9
FEDORA-EPEL-2025-3bca78a2e4
Packages in this update:
chromium-134.0.6998.117-1.el9
Update description:
Update to 134.0.6998.117
* Critical CVE-2025-2476: Use after free in Lens
A Vulnerability in Veeam Backup & Replication Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Veeam Backup & Replication, which could allow for arbitrary code execution. Veeam Backup & Replication is a comprehensive data protection and disaster recovery solution. With Veeam Backup & Replication, you can create image-level backups of virtual, physical and cloud machines and restore from them. Exploitation of this vulnerability requires authentication to the domain but could result in arbitrary code execution. Data such as backups and images could be compromised.
USN-7363-1: PAM-PKCS#11 vulnerabilities
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)
It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)
A Vulnerability in AMI MegaRAC Software Could Allow for Remote Code Execution
A vulnerability has been discovered in AMI MegaRAC Software, which could allow for remote code execution. MegaRAC is a product line of BMC firmware packages and, formerly, service processors providing out-of-band, or lights-out, remote management of computer systems. Successful exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware and ransomware, tamper with firmware, brick motherboard components (BMC or potentially BIOS/UEFI), potentially cause physical damage to the server (over-voltage / bricking), and cause indefinite reboot loops that a victim cannot stop.