  • April 26, 2022

    Top Linux Vulnerabilities for April 2022 1. CVE-2022-0435 Severity: Critical | CVSS Score: 9.0 A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the...

  • March 7, 2022

    Linux Vulnerabilities of the Week: March 7, 2022 1. Failure to properly escape SQL input in Cyrus SASL affecting Red Hat Enterprise Linux 6 Severity: Critical | CVSS Score: 9.1 This is a flaw in the SQL plugin shipped with Cyrus...

  • February 16, 2022

    Linux Vulnerabilities of the Week: February 14, 2022 1. Integer overflow in function XML_GetBuffer in Expat (<2.4.4) affecting Red Hat Enterprise Linux 7 and 8 Severity: Critical | CVSS Score: 9.8 Expat (libexpat) is susceptible to a software flaw that causes...

  • February 8, 2022

    Linux Vulnerabilities of the Week: February 8, 2022 1. SQL injection in Log4j 1.x when the application is configured to use JDBCAppender Severity: Critical | CVSS Score: 9.8 This is a flaw in the Java logging library Apache Log4j in version...

  • January 10, 2022

    Linux Vulnerabilities of the Week: January 10, 2022 1. Mozilla iframe sandbox rules vulnerability Severity: Critical | CVSS Score: 10.0 Due to incorrect application of iframe sandbox rules to XSLT stylesheets, an iframe can bypass restrictions such as executing scripts or...

  • December 20, 2021

    Linux Vulnerabilities of the Week: December 20, 2021 1. Apache Log4j logging library vulnerability Severity: Critical | CVSS Score: 10.0 This is a flaw in Apache that allows an attacker who can control log messages or log message parameters to execute...

  • December 6, 2021

    Linux Vulnerabilities of the Week: December 6, 2021 1. CSRF token bypass in Mailman (<2.1.38) Severity: Important | CVSS Score: 8.8 A Cross-Site Request Forgery (CSRF) attack can be performed in GNU Mailman due to a CSRF token bypass. CSRF tokens...

  • December 1, 2021

    Linux Vulnerabilities of the Week: November 30, 2021 1. A heap buffer overflow in Redis (>2.6) Severity: Important | CVSS Score: 8.8 Redis is an open-source, in-memory database that persists on disk. In affected versions, specially crafted Lua scripts executing in...

  • November 23, 2021

    Linux Vulnerabilities of the Week: November 22, 2021 1. Out-of-bounds write to memory in FreeRDP Severity: Important | CVSS Score: 8.8 This is a flaw in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP), released under the Apache...

  • November 16, 2021

    Linux Vulnerabilities of the Week: November 15, 2021 1. Possible trojan source attacks in the Unicode Specification (through 14.0) Severity: Critical | CVSS Score: 9.8 This is a flaw in the way Unicode standards are implemented in the context of development...