
73 matches found

RedHat Linux
added 2026/05/28 1:35 p.m. | 9 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

AI score: 5.8 | EPSS: 0.00168
Exploits: 0 | References: 5
Positive Technologies
added 2026/05/27 12:0 a.m. | 9 views

PT-2026-44144

Description Symfony's IsGranted'...', IsSignatureValid, and IsCsrfTokenValid... attributes allow you to define a methods: ... argument to only enforce these checks for the listed HTTP methods and skip them otherwise. E.g. an attribute defining methods: 'GET' would be ignored for a HEAD request. O...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00052
Exploits: 0 | References: 8
EUVD
added 2026/04/22 6:31 p.m. | 6 views

EUVD-2026-24990

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00091
Exploits: 1 | References: 2
OSV
added 2026/04/22 6:31 p.m. | 4 views

GHSA-X4MC-MQM7-GG39 uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00091
Exploits: 1 | References: 3
ATTACKERKB
added 2026/04/22 4:8 p.m. | 3 views

CVE-2026-35354

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00091
Exploits: 1 | References: 2
Cvelist
added 2026/04/22 4:8 p.m. | 28 views

CVE-2026-35354 uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

CVSS: 4.7 | EPSS: 0.00091
Exploits: 1 | References: 1
Vulnrichment
added 2026/04/22 4:8 p.m. | 5 views

CVE-2026-35354 uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device

A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00091
Exploits: 1 | References: 1
CNNVD
added 2026/04/22 12:0 a.m. | 7 views

uutils coreutils security vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability. This vulnerability stems from the mv utility’s check-time-to-use-time flaw during cross-device operations. The extended attribute retention logic utilizes...

CVSS: 4.7 | AI score: 5.8 | EPSS: 0.00091
Exploits: 1 | References: 1
CNNVD
added 2026/04/01 12:0 a.m. | 6 views

IBM Maximo Application Suite security vulnerability

The IBM Maximo Application Suite is a single platform provided by IBM for intelligent asset management, monitoring, maintenance, computer vision, security, and reliability. There are security vulnerabilities in the 9.1, 9.0, 8.11, and 8.10 versions of the IBM Maximo Application Suite. These...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00118
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/25 12:0 a.m. | 9 views

PT-2026-28066

Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00317
Exploits: 0 | References: 2
Debian CVE
added 2026/03/13 8:58 p.m. | 3 views

CVE-2026-32635

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.3, 21.2.4, 20.3.18, and 19.2.20, a Cross-Site Scripting (XSS) vulnerability has been identified in the Angular runtime and compiler. It occurs whe...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00339
Exploits: 0
EUVD
added 2026/03/13 8:56 p.m. | 5 views

EUVD-2026-12140

Angular vulnerable to XSS in i18n attribute bindings...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00339
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/13 12:0 a.m. | 3 views

PT-2026-25384

Name of the Vulnerable Software and Affected Versions: Angular versions prior to 22.0.0-next.3; Angular versions prior to 21.2.4; Angular versions prior to 20.3.18; Angular versions prior to 19.2.20. Description: A Cross-Site Scripting (XSS) issue exists in the Angular runtime and compiler. It occurs whe...

CVSS: 9 | AI score: 6 | EPSS: 0.00339
Exploits: 0 | References: 31
CNNVD
added 2026/02/04 12:0 a.m. | 4 views

IBM Cloud Pak System security vulnerability

IBM Cloud Pak System is a fully configurable and pre-integrated software-based full-stack, integrated infrastructure provided by IBM. This product supports deployment across hybrid cloud environments, as well as management and mobile application scenarios. There is a security vulnerability in IBM...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00285
Exploits: 0 | References: 1
Tenable Nessus
added 2025/12/16 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-68183

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA...

AI score: 5.8 | EPSS: 0.00168
Exploits: 0 | References: 3
Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-49726

In the Linux kernel, the following vulnerability has been resolved: ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled When a file system currently mounted read/only is remounted read/write, if we clear the SB_RDONLY flag too early, before the quota is initialized, and ther...

AI score: 6.3
Exploits: 0 | References: 5
CNVD
added 2025/10/21 12:0 a.m. | 2 views

Unspecified Vulnerability in HCL AION

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00137
Exploits: 0 | References: 1
CNNVD
added 2025/10/10 12:0 a.m. | 5 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00137
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-5987

Malware in sbrugna...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.0046
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-6197

Malware in sbrugna...

CVSS: 9 | AI score: 7 | EPSS: 0.0159
Exploits: 1 | References: 3