591 matches found

OpenVAS
added 2025/10/23 12:0 a.m., 3 views

ISC BIND DoS Vulnerability (CVE-2025-8677) - Linux

ISC BIND is prone to a denial of service (DoS) vulnerability via malformed DNSKEY handling. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 6.9, EPSS 0.09846
Exploits: 0, References: 2

GithubExploit
added 2025/10/12 12:58 a.m., 398 views

cobbler-file-read-exploit

Cobbler XML-RPC Arbitrary File Read Exploit...

AI score 6.8
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-6811

Malware in sbrugna...

CVSS 9, AI score 8.7, EPSS 0.02567
Exploits: 1, References: 4

Google Chrome Security Advisories
added 2025/10/07 12:0 a.m., 30 views

Stable Channel Update for Desktop

The Stable channel has been updated to 141.0.7390.65/.66 for Windows and Mac and 141.0.7390.65 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

CVSS 8.8, AI score 7.4, EPSS 0.00329
Exploits: 1, Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-32292

Malicious code in bioql PyPI...

CVSS 8.4, AI score 6.6, EPSS 0.00592
Exploits: 4, References: 4

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-27915

Malicious code in bioql PyPI...

CVSS 8.5, AI score 7.6, EPSS 0.02181
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-32099

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.3, EPSS 0.0012
Exploits: 1, References: 2

NVD
added 2025/10/02 11:15 a.m., 4 views

CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS 7.1, EPSS 0.00525
Exploits: 1, References: 1

OSV
added 2025/10/02 11:15 a.m., 2 views

CVE-2025-54293

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS 6.5, AI score 6.8
Exploits: 0, References: 1

Cvelist
added 2025/10/02 10:43 a.m., 6 views

CVE-2025-54293 Path Traversal in LXD Instance Log File Retrieval

Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...

CVSS 7.1, EPSS 0.00525
Exploits: 1, References: 1

NVD
added 2025/10/02 10:15 a.m., 3 views

CVE-2025-54286

Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions = 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted HTML form submissions exploiting client certificate authentication...

CVSS 8.8, EPSS 0.0012
Exploits: 1, References: 1

CVE
added 2025/10/02 9:24 a.m., 10 views

CVE-2025-54290

CVE-2025-54290 affects Canonical LXD before 6.5 and 5.21.4 on Linux. The vulnerability lies in the image export API, where error handling and LIKE wildcard matching can reveal project existence without authentication. An attacker can remotely determine whether a project exists by sending crafted ...

CVSS 6.9, AI score 6.4, EPSS 0.00318
Exploits: 1, References: 1, Affected Software: 1

Debian CVE
added 2025/10/02 9:24 a.m., 4 views

CVE-2025-54290

Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using wildcard fingerprints...

CVSS 6.9, AI score 5.3, EPSS 0.00318
Exploits: 1

Oracle linux
added 2025/10/01 12:0 a.m., 6 views

idm:DL1 security update

bind-dyndb-ldap 11.6-6 - Fix rpminspect warnings Resolves: RHEL-22497 custodia ipa 4.9.13-20.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 4.9.13-20 - Refactor ipatests for unique krbcanonicalname Resolves: RHEL-110061 4.9.13-19 - Enforce uniqueness across krbprincipalnam...

CVSS 9.1, AI score 7, EPSS 0.00511
Exploits: 0

OpenVAS
added 2025/10/01 12:0 a.m., 2 views

OpenSSL DoS Vulnerability (20250930, CVE-2025-9230) - Linux

OpenSSL is prone to a denial of service (DoS) vulnerability due to an out-of-bounds read & write in RFC 3211 KEK Unwrap. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...

CVSS 7.5, AI score 6.8, EPSS 0.0177
Exploits: 0, References: 2

RedhatCVE
added 2025/09/30 11:31 a.m., 3 views

CVE-2025-8868

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...

CVSS 9.8, AI score 7.5, EPSS 0.23138
Exploits: 0, References: 1

RedhatCVE
added 2025/09/30 11:31 a.m., 2 views

CVE-2025-6724

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...

CVSS 8.8, AI score 7.4, EPSS 0.00334
Exploits: 0, References: 1

NVD
added 2025/09/29 12:15 p.m., 5 views

CVE-2025-8868

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...

CVSS 9.8, EPSS 0.23138
Exploits: 0, References: 1

Vulnrichment
added 2025/09/29 11:29 a.m., 2 views

CVE-2025-8868 Chef Automate compliance service SQL Injection Vulnerability

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token...

CVSS 9.8, AI score 7.1, EPSS 0.23138
Exploits: 0, References: 1

CVE
added 2025/09/29 11:29 a.m., 11 views

CVE-2025-6724

CVE-2025-6724 affects Chef Automate on Linux x86, prior to 4.13.295, where an authenticated attacker can access restricted functionality in multiple services due to improperly neutralized inputs used in an SQL command. The root cause is input handling that enables SQL injection. Exploitation deta...

CVSS 8.8, AI score 7, EPSS 0.00334
Exploits: 0, References: 1, Affected Software: 1