Linux Distros Unpatched Vulnerability : CVE-2025-38584

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - padata: Fix pd UAF once and for all There is a race condition/UAF in padatareorder that goes back to the initial commit. A reference count is taken at the start...

USN-7704-5 linux-gke, linux-kvm vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

TencentOS Server 4: golang (TSSA-2025:0679)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0679 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2022-21797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...

Linux Distros Unpatched Vulnerability : CVE-2011-4115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files. CVE-2011-4115 Note that Nessus relies on the presence of the packag...

SUSE CVE-2025-38626

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...

CVE-2025-38626

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fsmapblocks in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace:...

USN-7704-4: Linux kernel (NVIDIA) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

USN-7704-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-AFFA; - Multiple devices driver; - Media drivers; - Network...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-7704-1)

"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7704-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

PT-2025-33729 · Volcengine · Volcengine Verl

Name of the Vulnerable Software and Affected Versions: Volcengine versions 3.0.0 Description: A deserialization vulnerability exists in Volcengine's scripts/model merger.py script when using the "fsdp" backend. The script calls torch.load with weights only=False on user-supplied .pt files, allowi...

CVE-2025-50461

CVE-2025-50461 describes a deserialization vulnerability in Volcengine Verl 3.0.0, specifically in scripts/model_merger.py when using the "fsdp" backend. The code calls torch.load() with weights_only=False on user-supplied .pt files, enabling arbitrary code execution if a malicious model file is ...

CVE-2025-50461

A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/modelmerger.py script when using the "fsdp" backend. The script calls torch.load with weightsonly=False on user-supplied .pt files, allowing attackers to execute arbitrary code if a maliciously crafted...

Linux Distros Unpatched Vulnerability : CVE-2022-39282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using /parallel command line switch might read uninitialize...

Malicious code in rails_parallel (npm)

The package railsparallel was found to contain malicious code...

Malicious code in limited-parallel-loop (npm)

The package limited-parallel-loop was found to contain malicious code...

scraping-eksi (>=0.0.0 <=1.0.1) potentially affected by unknown CVE via limited-parallel-loop (=0.0.0)

limited-parallel-loop NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on limited-parallel-loop and may be impacted: - scraping-eksi =0.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-25373...

brick-node (>=0.0.0 <=0.0.17), change-object (=0.0.0) +9 more potentially affected by unknown CVE via pause-function (=0.0.1)

pause-function NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on pause-function and may be impacted: - brick-node =0.0.0, =1.16.0, =0.0.0, =1.0.1 - stream-format =0.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28923...