ROS-20260119-7394
A vulnerability in the team_port_add function of the drivers/net/team/team_core.c component of the Linux operating system kernel is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001467)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001467 advisory. A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect leads to leak and eventually hanging-up the system. Tenable has extracted the...
MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.181-2.6.14.1.AXS4 (AXSA:2018-2999:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2999:02 advisory. OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of...
Fedora 42 : composer (2026-13b4dbe546)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-13b4dbe546 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Do not block the input queue by waiting for the MSC response. Currently, the gsm_queue function processes incoming frames. When opening a DLC channel, it calls gsm_dlci_open, which in turn calls gsm_modem_update. If the bas...
ROS-20260113-7388
A vulnerability in the rtlwifi component of the Linux operating system kernel is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
MiracleLinux 9 : thunderbird-128.10.1-1.el9_6.ML.1 (AXSA:2025-10505:15)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10505:15 advisory. thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header...
Fedora 43 : composer (2026-0b03072979)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-0b03072979 advisory. Version 2.9.3 - 2025-12-30 Security: Fixed ANSI sequence injection GHSA-59pp-r3rg-353g / CVE-2025-67746 Fixed COMPOSER_NO_SECURITY_BLOCKING env var not being...
ROS-20260112-7328
A vulnerability in the pageattr.c component of the Linux operating system kernel is related to the use of blocking code in a single-threaded, non-blocking context. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260112-7349
A vulnerability in the ondemand.c component of the Linux operating system kernel is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2021-31552
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly executed certain rules related to blocking accounts after account creation. Such rules would allow for user accounts to be created while blocking only the IP address used to create an account and not...
CVE-2019-20070
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi aka the Keyword field of the URL Blocking Configuration...
CVE-2020-10212
upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because file-extension blocking is mishandled and because it is possible for a DNS hostname to resolve to an internal IP address. For example, an SSRF attempt may succeed if a .ico filename is added to the...
SUSE CVE-2025-69229
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
Cisco IOS XE Software for Catalyst 9000 Series Switches DoS (cisco-sa-cat9k-PtmD7bgy)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become...
AZL-73512 CVE-2025-69229 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
CVE-2025-69229
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
AZL-73535 CVE-2025-69229 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
UBUNTU-CVE-2025-69229
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...
aiohttp security vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from a potential excessive CPU blocking when processing a large number of chunked messages, whi...