Lucene search

3137 matches found

CVE
added 2025/09/05 5:21 p.m., 21 views

CVE-2025-39717

CVE-2025-39717 concerns the Linux kernel and is described as resolved. The issue centers on open_tree_attr(2) and id-mapping changes: a bug in a previous commit allowed bypassing the restriction by calling open_tree_attr(2) without OPEN_TREE_CLONE, potentially enabling detached mounts to alter id...

CVSS 7.8, AI score 5.8, EPSS 0.00141
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2025/09/05 5:21 p.m., 22 views

CVE-2025-39717 open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', open_tree_attr(2) was necessary in order to allow for a detached mount to b...

EPSS 0.00141
Exploits: 0, References: 2

OSV
added 2025/09/05 5:21 p.m., 9 views

CVE-2025-39717 open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', open_tree_attr(2) was necessary in order to allow for a detached mount to b...

CVSS 7.8, AI score 6.1, EPSS 0.00141
Exploits: 0, References: 5

Positive Technologies
added 2025/09/05 12:0 a.m., 2 views

PT-2025-36311

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in open_tree_attr that allows bypassing a restriction intended to prevent id-mapping changes without the OPEN_TREE_CLONE flag. This bypass was introduc...

AI score 6.1, EPSS 0.00141
Exploits: 0, References: 5

CVE
added 2025/09/04 3:33 p.m., 29 views

CVE-2025-38718

CVE-2025-38718 affects the Linux kernel SCTP implementation. The issue arises when cloning head skbs with fraglists, causing use-after-likes from sharing frag skbs and leading to uninitialized-value bugs (KMSAN) in sctp_inq_pop and related code paths. The fix patches sctp_rcv() to linearize clone...

CVSS 7.8, AI score 5.9, EPSS 0.00151
Exploits: 0, References: 10, Affected Software: 1

Microsoft CVE
added 2025/09/04 5:46 a.m., 2 views

clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

...

CVSS 5.5, AI score 6.8, EPSS 0.00137
Exploits: 0

Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-15108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In glpi before 9.5.1, there is a SQL injection for all usages of Clone feature. This has been fixed in 9.5.1. CVE-2020-15108 Note that Nessus relies on the...

CVSS 7.1, AI score 7, EPSS 0.01233
Exploits: 0, References: 2

OSV
added 2025/09/02 5:35 p.m., 4 views

GHSA-XQJR-WFX3-GMXV ArrayQueue's push_front is not panic-safe

The safe API arrayqueue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

CVSS 6.9, AI score 6.9
Exploits: 0, References: 4

Github Security Blog
added 2025/09/02 5:35 p.m., 12 views

ArrayQueue's push_front is not panic-safe

The safe API arrayqueue::ArrayQueue::push_front can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, push_front receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

AI score 6.9
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2025/09/02 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-32021

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that...

CVSS 7.1, AI score 7.2, EPSS 0.00956
Exploits: 1, References: 2

Tenable Nessus
added 2025/09/02 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-50048

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: possible module reference underflow in error path dst-ops is set on whe...

CVSS 5.5, AI score 6, EPSS 0.00154
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/31 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-38499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a moun...

CVSS 5.5, AI score 6.7, EPSS 0.00137
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-36788

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-craft...

CVSS 8.1, AI score 7.8, EPSS 0.00617
Exploits: 1, References: 3

Patchstack
added 2025/08/29 7:6 a.m., 4 views

WordPress MultiSite Clone Duplicator plugin <= 1.5.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin MultiSite Clone Duplicator versions <= 1.5.3...

CVSS 6.1, AI score 6.1, EPSS 0.00228
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-7032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take...

CVSS 7.5, AI score 7.7, EPSS 0.01851
Exploits: 1, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-36604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function. CVE-2020-36604 Note that Nessus relies on the presence of the package a...

CVSS 8.1, AI score 7.5, EPSS 0.00925
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-14912

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when enable-http-clone=1 is not turned off, as demonstrated by a...

CVSS 7.5, AI score 7.2, EPSS 0.93188
Exploits: 7, References: 2

OSV
added 2025/08/25 4:23 p.m., 2 views

GHSA-6HGW-6X87-578X ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree

Summary - Target: ImageMagick commit ecc9a5eb456747374bae8e07038ba10b3d8821b3 - Type: Undefined Behavior function-type-mismatch in splay tree cloning callback - Impact: Deterministic abort under UBSan DoS in sanitizer builds. No crash in a non-sanitized build; likely low security impact. - Trigge...

CVSS 6.1, AI score 7, EPSS 0.00383
Exploits: 1, References: 4

Github Security Blog
added 2025/08/25 4:23 p.m., 4 views

ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree

Summary - Target: ImageMagick commit ecc9a5eb456747374bae8e07038ba10b3d8821b3 - Type: Undefined Behavior function-type-mismatch in splay tree cloning callback - Impact: Deterministic abort under UBSan DoS in sanitizer builds. No crash in a non-sanitized build; likely low security impact. - Trigge...

CVSS 6.1, AI score 7, EPSS 0.00383
Exploits: 1, References: 4, Affected Software: 18

OSV
added 2025/08/19 7:32 p.m., 4 views

MAL-2025-191912 Malicious code in tronlinknet (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 61d63a54e62ad11fa6d3420324a6cd948450337ae9faf28d8372994c92c8f294 Package appears to be designed for private key exfiltration, but no known usage. The name appears to be related to the cryptocurrency TRX Tron / Tronix. Some...

AI score 6.8
Exploits: 0, References: 2