61 matches found
EUVD-2021-29233
Malicious code in bioql PyPI...
EUVD-2025-25550
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 ...
SUSE CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
DEBIAN-CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
UBUNTU-CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
CVE-2025-38652
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
CVE-2025-38652 f2fs: fix to avoid out-of-boundary access in devs.path
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
CVE-2025-38652
CVE-2025-38652: In the Linux kernel, a f2fs path handling bug can cause out-of-bounds access when constructing devs.path for a device, due to sbi->devs.path[] not leaving space for the trailing null terminator. Root cause: device path storage (path[MAX_PATH_LEN]) can be fully filled, causing p...
CVE-2025-38652 f2fs: fix to avoid out-of-boundary access in devs.path
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid out-of-boundary access in devs.path - touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - truncate -s $102410241024 \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123 - touc...
BIT-HELM-2025-55199 Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory OOM termination. This issue has been resolved in Helm 3.18.5. A workaround involves...
Linux Distros Unpatched Vulnerability : CVE-2018-7566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Linux kernel 4.15 has a Buffer Overflow via an SNDRVSEQIOCTLSETCLIENTPOOL ioctl write operation to /dev/snd/seq by a local user. CVE-2018-7566 Note that...
CVE-2025-47782
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...
Remote Code Execution (RCE)
motioneye is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper validation of the constructed camera device path in the add/addcamera web API, which allows an attacker with admin credentials to execute arbitrary commands...
motionEye 操作系统命令注入漏洞
motionEye is a daemon web front-end for motionEye open source. A security vulnerability exists in motionEye versions 0.43.1b1 through 0.43.1b3, which stems from a constructed device path that could lead to the execution of arbitrary commands as the motion user...
UBUNTU-CVE-2025-21679
In the Linux kernel, the following vulnerability has been resolved: btrfs: add the missing error handling inside getcanonicaldevpath Inside function getcanonicaldevpath, we call dpath to get the final device path. But dpath can return error, and in that case the next strscpy call will trigger an...
CVE-2025-21679
CVE-2025-21679—Linux kernel (btrfs): The issue arises in get_canonical_dev_path() where d_path()’s possible error is not handled, causing an invalid memory access on the subsequent strscpy() call. The patch reintroduces proper error handling for d_path() to prevent the memory access, addressing t...
PT-2025-34413
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to out-of-boundary access within the f2fs filesystem when handling device paths. Specifically, if the device path length reaches MAX PATH LEN,...
CVE-2024-3787
Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes SSI, through S3 disks /admin/DeviceS3. Exploitation of this vulnerability could allow a remote user to execute arbitrary code...
SUSE CVE-2023-52652
In the Linux kernel, the following vulnerability has been resolved: NTB: fix possible name leak in ntbregisterdevice If deviceregister fails in ntbregisterdevice, the device name allocated by devsetname should be freed. As per the comment in deviceregister, callers should use putdevice to give up...