Erlang/OTP (Erlang OTP) DoS Vulnerability (Mar 2025) - Linux

Erlang/OTP Erlang OTP is prone to a denial of service DoS vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT

Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service DDoS malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States. "From 2020 to 2023, the XorDDoS trojan has increased significantly...

Oracle MySQL Server <= 8.0.41, 8.1 <= 8.4.4, 9.0 <= 9.2.0 Security Update (cpuapr2025) - Linux

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for...

CVE-2025-31344

Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2...

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent Linux versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems using RPM packages are not affected...

[SECURITY] Fedora 40 Update: exim-4.98.2-1.fc40

Exim is a message transfer agent MTA developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

MAL-2025-2547 Malicious code in github.com/shadowybulk/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 80a941bac0303482eb50ebe17fbfa05f22640a3932940be16100c6a1c0357a04 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2544 Malicious code in github.com/belatedplanet/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security ae6bd303b29130f3970f2f526b9c704e4fa0905fa4b3e015542213f4aaf5f701 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2551 Malicious code in github.com/vainreboot/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security cd535431a1bde903495e71799081c385016d84659ac004c1c57c0d81e311ee59 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2550 Malicious code in github.com/utilizedsun/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c1511f2ec5bec408a1a2febf7d6a7bc0db05b5af4870679ef43223ecff5f000d Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2548 Malicious code in github.com/shallowmulti/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 25d0e55a48f82ab8ddd5e90d258c133505fa7fea03b775c1987e0dd7f9453f08 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2549 Malicious code in github.com/thankfulmai/hypert (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3fb8eb4f90f5b6657c77cd4876445c068cc53ec74237d2ec559dd21c3c876fc4 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

MAL-2025-2546 Malicious code in github.com/ornatedoctrin/layout (Go)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 9edf608032bbc84563da5c04376d6add49123c8fdba94883c239857eb45afc40 Malcious typosquatting Go packages targeting Linux and macOS systems used to as a loader to download and run another malicious payload...

CVE-2024-26290 Authenticated Remote Command Injection affecting Avid NEXIS

Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance SDA+ on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS...

Unity Parsec Installed (Linux / Unix)

Binary data unityparsecnixinstalled.nbin...

Apache Tomcat RCE Vulnerability (Mar 2025) - Linux

Apache Tomcat is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Django 4.x < 4.2.20, 5.0.x < 5.0.13, 5.1.x < 5.1.7 DoS Vulnerability - Linux

Django is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; ...

Linux Distros Unpatched Vulnerability : CVE-2024-7964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HT...

Linux Distros Unpatched Vulnerability : CVE-2018-18455

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted pdf file, ...