1711 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990788)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990788 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev-neededheadroom IP tunnels can apparently update...
CVE-2025-64485
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
EUVD-2025-38341
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.4.0 through 2.48.1, a malicious CVAT user with at least the User global role may create files in the root of the mounted file share, or overwrite existing files. If no file share is mounted, the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990618)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990618 advisory. In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport init-annotated xfrm4protocolinit EXPORTSYMBOL and init is a bad combination...
[SECURITY] Fedora 43 Update: python-annotated-doc-0.0.3-2.fc43
Document parameters, class attributes, return types, and variables inline, wi th Annotated...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989611)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989611 advisory. In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989477)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989477 advisory. In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport init-annotated xfrm4protocolinit EXPORTSYMBOL and init is a bad combination...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989944)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989944 advisory. In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport init-annotated hvinitclocksource EXPORTSYMBOL and init is a bad...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989126)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989126 advisory. In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination...
SUSE CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Linux Distros Unpatched Vulnerability : CVE-2025-62725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or...
CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
UBUNTU-CVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987650)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987650 advisory. In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination becaus...
org.springframework.security/spring-security-core: Spring Security authorization bypass
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...
org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.
Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...