PT-2026-41882

A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. Because the build environment may contain credentials...

CVE-2023-43502

A cross-site request forgery CSRF vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes...

CVE-2019-16554

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression...

CVE-2019-16555

A user-supplied regular expression in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier was processed in a way that wasn't interruptible, allowing attackers to have Jenkins evaluate a regular expression without the ability to interrupt this process...

Fedora 42 : tkimg (2025-419c60783f)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-419c60783f advisory. Update to 2.1.0. Update bundled libpng, libtiff, to latest versions. Built against TCL/TK 9. Fix FTBFS. Tenable has extracted the preceding...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987645)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987645 advisory. In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qedebuildskb assumes buildskb always works and goes...

EUVD-2013-6199

Malware in sbrugna...

EUVD-2023-2425

Malicious code in bioql PyPI...

EUVD-2022-2490

Malicious code in bioql PyPI...

EUVD-2022-5752

Malicious code in bioql PyPI...

xterm security update

366-12 - Rebuild because of build failure - Resolves: RHEL-94699 - Resolves: RHEL-103430 366-11 - Fix CVE-2022-24130 - Resolves: RHEL-94699 - Resolves: RHEL-103430...

Fedora 42 : chromium (2025-502faa722e)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-502faa722e advisory. Updated to 139.0.7258.127 CVE-2025-8879: Heap buffer overflow in libaom CVE-2025-8880: Race in V8 CVE-2025-8901: Out of bounds write in ANGLE...

CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

DEBIAN-CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

CVE-2025-52992

The CVE-2025-52992 entry covers a vulnerability in Nix, Lix, and Guix where permissions are not set correctly when a derivation build fails. Affected are Nix prior to 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix prior to 2.91.2, 2.92.2, and 2.93.1; and Guix prior to 1.4.0-38.0e79d5b. The underlying i...

CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...

Nix、lix和GNU Guix 安全漏洞

GNU Guix is a product of the U.S. et all is a product of the U.S. GNU community. gnu guix is an open source, cross-platform program package manager. lix et all is a product of the lix open source. lix is a package manager. nix et all is a product of the Nix open source. nix is a powerful package...

SUSE CVE-2022-49119

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001chipfwflashupdatereq In pm8001chipfwflashupdatebuild, if pm8001chipfwflashupdatebuild fails, the struct fwcontrolex allocated must be freed...

DEBIAN-CVE-2022-49119

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001chipfwflashupdatereq In pm8001chipfwflashupdatebuild, if pm8001chipfwflashupdatebuild fails, the struct fwcontrolex allocated must be freed...

UBUNTU-CVE-2022-49121

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001chipsetdevstatereq, pm8001chipfwflashupdatereq, pm80xxchipphyctlreq and pm8001chipregdevreq add missing calls to pm8001tagfree to free the allocated tag when pm8001mpibuildcmd fails...