Lucene search

6482 matches found

UbuntuCve
added 2025/12/16 4:16 p.m., 2 views

CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

AI score: 5.9, EPSS: 0.00076
Exploits: 0, References: 34
OSV
added 2025/12/16 4:16 p.m., 1 views

UBUNTU-CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

AI score: 5.9, EPSS: 0.00076
Exploits: 0, References: 35
OSV
added 2025/12/16 3:6 p.m., 3 views

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

AI score: 6.5, EPSS: 0.00076
Exploits: 0, References: 9
CVE
added 2025/12/16 3:6 p.m., 16 views

CVE-2025-68284

CVE-2025-68284 concerns the Linux kernel/libceph: the issue arises from handling the authentication session key where the len field comes from untrusted network packets. The patch adds boundary checks to prevent potential out-of-bounds writes when decrypting the connection secret or processing se...

AI score: 6.2, EPSS: 0.00076
Exploits: 0, References: 6
Cvelist
added 2025/12/16 3:6 p.m., 23 views

CVE-2025-68284 libceph: prevent potential out-of-bounds writes in handle_auth_session_key()

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

EPSS: 0.00076
Exploits: 0, References: 6
OSV
added 2025/12/16 2:15 p.m., 3 views

UBUNTU-CVE-2025-40362

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...

AI score: 5.7, EPSS: 0.0009
Exploits: 0, References: 11
UbuntuCve
added 2025/12/16 2:15 p.m., 1 views

CVE-2025-40362

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...

AI score: 5.7, EPSS: 0.0009
Exploits: 0, References: 10
Snyk
added 2025/12/16 6:23 a.m., 1 views

Malicious Package

Overview sds-auth-ui is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/12/16 6:23 a.m., 5 views

Malicious code in sds-auth-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c30a562f838b9db64453d7276cc2e0f4f63c1810fed94fd3e672a90e00d720b1 The package sds-auth-ui was found to contain malicious code. Source: ghsa-malware 4ebd619fe42c2229ad69655d504fa4e869ba861d01647c67418e624e066e0db2 An...

AI score: 6.9
Exploits: 0, References: 1
OSV
added 2025/12/16 6:23 a.m., 3 views

MAL-2025-192580 Malicious code in sds-auth-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c30a562f838b9db64453d7276cc2e0f4f63c1810fed94fd3e672a90e00d720b1 The package sds-auth-ui was found to contain malicious code. Source: ghsa-malware 4ebd619fe42c2229ad69655d504fa4e869ba861d01647c67418e624e066e0db2 An...

AI score: 6.8
Exploits: 0, References: 1
EUVD
added 2025/12/16 6:23 a.m., 1 views

EUVD-2025-203505

Malicious code in sds-auth-ui npm...

AI score: 6.6
Exploits: 0, References: 1
vulnersOsv
added 2025/12/15 2:39 p.m., 2 views

django-daiquiri (>=1.3.0 <=1.3.1), django-jwt-allauth (>=1.0.3 <=1.2.0) +6 more potentially affected by CVE-2025-65431 via django-allauth (>=65.0.1 <=65.12.1)

django-allauth PYPI version =65.0.1, =1.3.0, =1.0.3, =0.3.8, =4.0.0, =3.11.3, =2.0.0, =1.1.1, =1.1.2 Source cves: CVE-2025-65431 Source advisory: SNYK:PYTHON-DJANGOALLAUTH-14425069...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00039
Exploits: 0
EUVD
added 2025/12/15 7:43 a.m., 2 views

EUVD-2025-203350

Malicious code in xboxlive-auth npm...

AI score: 6.6
Exploits: 0, References: 1
OSV
added 2025/12/15 7:43 a.m., 3 views

MAL-2025-192578 Malicious code in xboxlive-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa54accd06c11d8f868fa0bc7915782404360d01db3c5f80d735584ca984dc8 The package xboxlive-auth was found to contain malicious code. Source: ghsa-malware 330ca3dbdf0006df9f2a21edc3027e6f158c2ee2b4f7c26498a386198e869878...

AI score: 6.8
Exploits: 0, References: 1
Snyk
added 2025/12/15 7:43 a.m., 1 views

Malicious Package

Overview xboxlive-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2
OSSF Malicious Packages
added 2025/12/15 7:43 a.m., 4 views

Malicious code in xboxlive-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa54accd06c11d8f868fa0bc7915782404360d01db3c5f80d735584ca984dc8 The package xboxlive-auth was found to contain malicious code. Source: ghsa-malware 330ca3dbdf0006df9f2a21edc3027e6f158c2ee2b4f7c26498a386198e869878...

AI score: 6.9
Exploits: 0, References: 1
Tenable Nessus
added 2025/12/15 12:0 a.m., 2 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.12)

The version of AOS installed on the remote host is prior to 6.10.1.12. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.12 advisory. - A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certto...

CVSS: 8.2, AI score: 7, EPSS: 0.61222
Exploits: 5, References: 6
Hacker One
added 2025/12/13 4:49 p.m., 12 views

Node.js: Missing AES-GCM Authentication Tag Validation and Improper Deprecation Handling

Summary: In Node.js' crypto module, the createDecipheriv states that "the authTagLength option defaults to 16 bytes and must be set to a different value if a different length is used." here The authentication tag's length is however not validated against that default value and can be truncated do...

AI score: 7.3
Exploits: 0
CVE
added 2025/12/12 7:32 p.m., 9 views

CVE-2025-14572

The CVE-2025-14572 entry covers a memory-corruption vulnerability in UTT Progressive 512W devices (UTT 进取 512W) up to version 1.7.7-171114. The flaw resides in the /goform/formWebAuthGlobalConfig handler, where manipulating the hidcontact parameter can trigger memory corruption, enabling remote e...

CVSS: 9, AI score: 6, EPSS: 0.00416
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/12/12 6:53 a.m., 21 views

CVE-2025-67737 AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

AzuraCast is a self-hosted, all-in-one web radio management suite. Versions 0.23.1 mistakenly include an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it to the public-facing HTTP API for AzuraCast installations. A user with specific internal knowledge of a...

CVSS: 3.1, EPSS: 0.00047
Exploits: 1, References: 2