7037 matches found

BDU FSTEC
added 2025/03/10 12:0 a.m. | 7 views

A vulnerability in the SAML (Security Assertion Markup Language) technology used in GitLab, a Git-based software platform for collaborative code development, allows attackers to escalate their privileges.

The vulnerability in the SAML (Security Assertion Markup Language) technology used in GitLab, a Git-based software platform for collaborative code development, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to escalate their privileges...

CVSS 3.1 | AI score 5.5 | EPSS 0.0022
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/03/06 4:15 p.m. | 2 views

DEBIAN-CVE-2024-58068

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized. If a driver calls dev_pm_opp_find_bw_ceil/floor to retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

CVSS 5.5 | AI score 5.6 | EPSS 0.00168
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/06 3:54 p.m. | 4 views

CVE-2024-58068 OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized

In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized. If a driver calls dev_pm_opp_find_bw_ceil/floor to retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were...

AI score 6.3 | EPSS 0.00168
Exploits: 0 | References: 5

Tenable Nessus
added 2025/03/06 12:0 a.m. | 59 views

Linux Distros Unpatched Vulnerability : CVE-2025-21754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort. If while...

CVSS 5.5 | AI score 6.2 | EPSS 0.00213
Exploits: 0 | References: 2

Veracode
added 2025/03/05 7:26 a.m. | 7 views

Improper Authentication

Rancher is vulnerable to Improper Authentication. The vulnerability is due to improper validation of SAML assertion data due to Rancher trusting and using unvalidated values in authentication cookies, allowing attackers to manipulate session data and escalate privileges...

CVSS 8.4 | AI score 7.5 | EPSS 0.00418
Exploits: 0

Tenable Nessus
added 2025/03/05 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-32978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. CVE-2022-32978...

CVSS 6.5 | AI score 6.6 | EPSS 0.00816
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-25445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure. CVE-2024-25445 Note that Nessus relies o...

CVSS 7.8 | AI score 7.1 | EPSS 0.00325
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-27939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. CVE-2022-27939 Note that Nessus relies on the presence of the package as...

CVSS 5.5 | AI score 6.6 | EPSS 0.01019
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-3145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an...

CVSS 7.5 | AI score 7 | EPSS 0.27725
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2017-11368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests...

CVSS 6.5 | AI score 6.8 | EPSS 0.02397
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2017-9141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missi...

CVSS 6.5 | AI score 6.7 | EPSS 0.02174
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-3137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in...

CVSS 7.5 | AI score 7 | EPSS 0.08902
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m. | 13 views

Linux Distros Unpatched Vulnerability : CVE-2009-5155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service...

CVSS 7.5 | AI score 6 | EPSS 0.03906
Exploits: 1 | References: 3

NVD
added 2025/02/27 3:15 a.m. | 13 views

CVE-2025-21754

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort. If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag done at...

CVSS 5.5 | EPSS 0.00213
Exploits: 0 | References: 4

SUSE CVE
added 2025/02/27 3:12 a.m. | 3 views

SUSE CVE-2022-49086

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions. While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while...

CVSS 3.3 | AI score 6.5 | EPSS 0.00254
Exploits: 0 | References: 8

Cvelist
added 2025/02/27 2:12 a.m. | 17 views

CVE-2025-21754 btrfs: fix assertion failure when splitting ordered extent after transaction abort

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort. If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERED_IOERR flag done at...

EPSS 0.00213
Exploits: 0 | References: 4

CVE
added 2025/02/27 2:12 a.m. | 106 views

CVE-2025-21754

CVE-2025-21754 affects Linux kernel btrfs behavior. When a direct IO write triggers a transaction abort, ordered extents are marked with BTRFS_ORDERED_IOERR, and if an ordered extent still has bytes remaining, btrfs_split_ordered_extent() asserts on flags. The documented root cause is an asse...

CVSS 5.5 | AI score 6.3 | EPSS 0.00213
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2025/02/27 12:0 a.m. | 5 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the btrfs_split_ordered_extent function not properly handling the BTRFS_ORDERED_IOERR flag when handling a...

CVSS 5.5 | AI score 6.5 | EPSS 0.00213
Exploits: 0 | References: 6

OSV
added 2025/02/26 7:0 a.m. | 1 views

DEBIAN-CVE-2022-49089

In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition. The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts using lockdep that both of...

CVSS 4.7 | AI score 5.3 | EPSS 0.00156
Exploits: 0 | References: 1

OSV
added 2025/02/26 7:0 a.m. | 3 views

DEBIAN-CVE-2022-49086

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions. While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to be freed while...

CVSS 5.5 | AI score 5.4 | EPSS 0.00254
Exploits: 0 | References: 1