1042 matches found
Huawei EulerOS: Security Advisory for python-requests (EulerOS-SA-2025-1208)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.12.0 : python-requests (EulerOS-SA-2025-1574)
According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This...
The vulnerability of the uclamp_bucket_id() function in the kernel/sched/core.c module, which is part of the Linux operating system’s resource management support mechanism, allows a hacker to gain access to protected information or cause service failures.
The vulnerability of the uclampbucketid function in the kernel/sched/core.c module related to the Linux operating system’s resource management support involves reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to access protected information or cause...
CVE-2025-0782
A vulnerability in the S3 bucket configuration for h2oai/h2o-3 allows public write access to the 'h2o-release' bucket. This issue affects all versions and could enable an attacker to overwrite any file in the bucket. As users download binary files such as JARs from this bucket, this vulnerability...
CVE-2025-0782
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-0782
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2025-0782
CVE-2025-0782 is tied to a vulnerability in the S3 bucket configuration used by h2oai/h2o-3, where public write access to the bucket named “h2o-release” could allow an attacker to overwrite any file and potentially enable remote code execution for users downloading binaries. The primary exploit v...
CVE-2025-0782
...
CVE-2025-0782
...
DEBIAN-CVE-2023-53072
In the Linux kernel, the following vulnerability has been resolved: mptcp: use the workqueue to destroy unaccepted sockets Christoph reported a UaF at token lookup time after having refactored the passive socket initialization part: BUG: KASAN: use-after-free in tokenbucketbusy+0x253/0x260 Read o...
PT-2025-18919 · H2O.Ai · H2O-3
Name of the Vulnerable Software and Affected Versions: h2oai/h2o-3 affected versions not specified Description: A vulnerability in the S3 bucket configuration allows public write access to the 'h2o-release' bucket. This could enable an attacker to overwrite any file in the bucket, potentially...
SUSE CVE-2025-38637
In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specif...
DEBIAN-CVE-2025-38637
In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specif...
UBUNTU-CVE-2025-38637
In the Linux kernel, the following vulnerability has been resolved: netsched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specif...
DEBIAN-CVE-2025-22061
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix qid report in airohatcgethtbgetleafqueue Fix the following kernel warning deleting HTB offloaded leafs and/or root HTB qdisc in airohaeth driver properly reporting qid in airohatcgethtbgetleafqueue routine. $tc...
MinIO performs incomplete signature validation for unsigned-trailer uploads
Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...
CVE-2025-31489
A flaw was found in the Minio package. The signature component of the authorization may be invalid, which would mean that, as a client, you can use any arbitrary secret to upload objects, given the user already has prior WRITE permissions on the bucket. Prior knowledge of the access key and bucke...
CVE-2025-31489 MinIO performs incomplete signature validation for unsigned-trailer uploads
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
CVE-2025-31489
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...
PT-2025-14797
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2025-04-03T14-56-28Z Description: The issue concerns an authorization flaw in MinIO, a high-performance object storage system. This flaw allows a client with prior WRITE permissions on a bucket to upload object...