120 matches found
CVE-2025-4374 Quay: incorrect privilege assignment
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...
PT-2025-19956 · Quay · Quay
Name of the Vulnerable Software and Affected Versions: Quay affected versions not specified Description: A flaw was found in Quay where an organization acting as a proxy cache grants "Admin" permissions on a newly created repository when a user or robot pulls an image that hasn't been mirrored ye...
CVE-2025-22018 atm: Fix NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOAcacheimposrcvd receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holdingtime are NULL. Because there is only for the situation where entry is NULL...
PT-2025-15757 · Xgrammar · Xgrammar
Name of the Vulnerable Software and Affected Versions: XGrammar versions prior to 0.1.18 Description: The issue concerns an unbounded cache for compiled grammars in memory, which can be exploited to cause a denial of service by filling up a host's memory. This can occur when a system using XGramm...
macOS 13.x < 13.7.5 Multiple Vulnerabilities (122375)
The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.7.5. It is, therefore, affected by multiple vulnerabilities: - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3...
CVE-2025-31469
CVE-2025-31469 is a Missing Authorization vulnerability in the Clear Sucuri Cache WordPress plugin. Affected: Clear Sucuri Cache
CVE-2025-2888
CVE-2025-2888 affects the Amazon tough client (The Update Framework) where, during a snapshot rollback, the client incorrectly caches timestamp metadata. If the next update checks this cache, update timestamp validation may fail, blocking subsequent updates until the cache is cleared. The issue i...
CVE-2023-52982
In the Linux kernel, the following vulnerability has been resolved: fscache: Use waitonbit to wait for the freeing of relinquished volume The freeing of relinquished volume will wake up the pending volume acquisition by using wakeupbit, however it is mismatched with waitvarevent used in...
PT-2025-11696 · Vllm · Vllm
Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.8.0 Description: The issue is related to the outlines library used by vLLM for structured output, which has an optional cache for compiled grammars on the local filesystem. This cache is enabled by default. A maliciou...
Important: kernel-livepatch-4.14.355-275.572
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun CVE-2024-49995 In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing CVE-2024-50279...
Linux Distros Unpatched Vulnerability : CVE-2024-41031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGEPMDORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be...
Linux Distros Unpatched Vulnerability : CVE-2024-42241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/shmem: disable PMD-sized page cache if needed For shmem files, it's possible that PMD-sized page cache can't be supported by xarray. For example, 512MB page...
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM DevOps Code ClearCase.
Summary libcURL vulnerabilities were disclosed by the libcURL Project. libcURL is used by IBM DevOps Code ClearCase. CVE-2024-7264, CVE-2024-9681 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an...
CVE-2025-21811 nilfs2: protect access to buffers with no active references
In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect access to buffers with no active references nilfslookupdirtydatabuffers, which iterates through the buffers attached to dirty data folios/pages, accesses the attached buffers without locking the folios/pages. For...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1151)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1186)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
CVE-2022-31167
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entr...
Security update for curl
This update for curl fixes the following issues: CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry bsc1232528 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
CVE-2024-51491
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go...
CVE-2024-56169
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties such as Fort are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently...