The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. This week in DistroWatch Weekly:
Review: Fedora 42
News: Fedora plans to make most packages reproducible, Nitrux introduces new portable package tools, PINE64 updates multiple devices running flavours of Debian
Questions and answers: Unexpected characters showing up in Vim
Released last week: Fedora 42, Ultramarine Linux 41, Manjaro Linux 25.0.0, MX….
Leaked KeyPlug Malware Infrastructure Contains Exploit Scripts to Hack Fortinet Firewall and VPN
A server briefly linked to the notorious KeyPlug malware has inadvertently exposed a comprehensive arsenal of exploitation tools specifically designed to target Fortinet firewall and VPN appliances.
T …
Published: Apr 18, 2025 (2 days, 5 hours ago)
Vulnerabilities mentioned in this article:
CVE-2024-23109
CVE-2024-23108
GitHub Enterprise Server Vulnerabilities Expose Risk of Code Execution and Data Leaks
GitHub has released security updates to address several vulnerabilities in GitHub Enterprise Server, including a high-severity flaw that could allow attackers to execute arbitrary code. Organizations …
Published: Apr 19, 2025 (1 day, 22 hours ago)
Vulnerabilities mentioned in this article:
CVE-2025-3509
CVE-2025-3246
CVE-2025-3124
ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware
Network Security / Vulnerability
ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on …
Published: Apr 19, 2025 (1 day, 13 hours ago)
Vulnerabilities mentioned in this article:
CVE-2025-2492
CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation
Key Takeaways
A critical vulnerability has been discovered in Erlang/OTP, tracked as CVE-2025-32433, and has a CVSS score of 10 (critical).
This critical remote code execution (RCE) vulnerability aff …
Published: Apr 20, 2025 (6 hours, 5 minutes ago)
Vulnerabilities mentioned in this article:
CVE-2025-32433
CVE-2021-45046
CVE-2021-44228
CVE ID : CVE-2025-3819
Published : April 19, 2025, 8:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-3818
Published : April 19, 2025, 8:15 p.m. | 1 day, 2 hours ago
Description : A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
CVE ID : CVE-2022-47111
Published : April 19, 2025, 9:15 p.m. | 1 day, 1 hour ago
Description : 7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.
Severity: 2.5 | LOW
CVE ID : CVE-2022-47112
Published : April 19, 2025, 9:15 p.m. | 1 day, 1 hour ago
Description : 7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.
Severity: 2.5 | LOW
CVE ID : CVE-2023-26819
Published : April 19, 2025, 10:15 p.m. | 1 day ago
Description : cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
Severity: 2.9 | LOW
CVE ID : CVE-2023-30421
Published : April 19, 2025, 10:15 p.m. | 1 day ago
Description : mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114.
Severity: 2.9 | LOW
CVE ID : CVE-2025-43918
Published : April 19, 2025, 10:15 p.m. | 1 day ago
Description : SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester’s email address, even when the requester does not otherwise establish administrative control of that domain.
Severity: 6.4 | MEDIUM
CVE ID : CVE-2025-43919
Published : April 20, 2025, 1:15 a.m. | 21 hours ago
Description : GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman (aka the private archive authentication endpoint) via the username parameter.
Severity: 5.8 | MEDIUM
CVE ID : CVE-2025-43920
Published : April 20, 2025, 1:15 a.m. | 21 hours ago
Description : GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to execute arbitrary OS commands via shell metacharacters in an email Subject line.
Severity: 5.4 | MEDIUM
CVE ID : CVE-2025-43921
Published : April 20, 2025, 1:15 a.m. | 21 hours ago
Description : GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthenticated attackers to create lists via the /mailman/create endpoint.
Severity: 5.3 | MEDIUM
CVE ID : CVE-2025-43928
Published : April 20, 2025, 3:15 a.m. | 19 hours ago
Description : In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
Severity: 5.8 | MEDIUM
CVE ID : CVE-2025-43954
Published : April 20, 2025, 7:15 p.m. | 3 hours ago
Description : QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via headers even when no-html is set.
Severity: 4.9 | MEDIUM
CVE ID : CVE-2025-43955
Published : April 20, 2025, 8:15 p.m. | 2 hours ago
Description : TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs.
Severity: 2.2 | LOW
crossdirstat is a cross-platform file and directory statistics tool written using Electron.
ASUS warns of critical auth bypass flaw in routers using AiCloud
ASUS is warning about an authentication bypass vulnerability in routers with AiCloud enabled that could allow remote attackers to perform unauthorized execution of functions on the device.
The vulnera …
Published: Apr 18, 2025 (2 days, 2 hours ago)
Vulnerabilities mentioned in this article:
CVE-2025-2492