Mattermost Server 9.11.x < 9.11.18 / 10.5.x < 10.5.9 / 10.8.x < 10.8.4 / 10.9.x < 10.9.3 / 10.10.0 Multiple Vulnerabilities (MMSA-2025-00498, MMSA-2025-00499)

The version of Mattermost Server installed on the remote host is affected by multiple vulnerabilities as referenced in the MMSA-2025-00500 and MMSA-2025-00499 advisories. - Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.9.x = 10.9.2 fail to sanitize the team invite ID ...

Linux Distros Unpatched Vulnerability : CVE-2023-53198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that o...

SUSE CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

Path Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Path Traversal via improper validation of the user-supplied chatflowid identifier in the addBase64FilesToStorage function. An attacker can access or modify arbitrary files, execute code, or...

Flowise has an Arbitrary File Read

Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

Directory Traversal

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Directory Traversal via improper validation of the chatId parameter in the file access process. An attacker can access sensitive files on the server filesystem, including database files...

GHSA-99PG-HQVX-R4GF Flowise has an Arbitrary File Read

Summary An arbitrary file read vulnerability in the chatId parameter supplied to both the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints allows unauthenticated users to read unintended files on the local filesystem. In the default Flowise configuration this allows...

CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

DEBIAN-CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

UBUNTU-CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

CVE-2023-53198 raw: Fix NULL deref in raw_get_next().

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

CVE-2023-53198

CVE-2023-53198 affects the Linux kernel raw socket handling (net/ipv4/raw.c). The vulnerability is a NULL dereference in raw_get_next(), triggered by races where a socket in one netns is freed while another thread iterates SOCK_RAW sockets. The root cause involves using RCU-based iteration with h...

CVE-2023-53198

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

CVE-2023-53198 raw: Fix NULL deref in raw_get_next().

In the Linux kernel, the following vulnerability has been resolved: raw: Fix NULL deref in rawgetnext. Dae R. Jeong reported a NULL deref in rawgetnext 0. It seems that the repro was running these sequences in parallel so that one thread was iterating on a socket that was being freed in another...

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

A Practical Adversarial Attack against Sequence-Based Deep Learning Malware Classifiers

Sequence-based deep learning models e.g., RNNs, can detect malware by analyzing its behavioral sequences. Meanwhile, these models are susceptible to adversarial attacks. Attackers can create adversarial samples that alter the sequence characteristics of behavior sequences to deceive malware...

Medium: rust-cargo-c

Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...

Amazon Linux 2023 : cargo-c (ALAS2023-2025-1180)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1180 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...