7974 matches found
UBUNTU-CVE-2025-15469
Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...
CVE-2025-59104
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
CVE-2025-59104
The CVE-2025-59104 issue affects a dormakaba access manager where an attacker with physical access can solder to the debug footprint or connect a 6-Pin tag‑connect cable to access the bootloader. The vulnerable vector allows changing the kernel command line and ultimately obtaining a root shell. ...
CVE-2025-59104 Unlocked Bootloader in dormakaba access manager
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
CVE-2025-59104 Unlocked Bootloader in dormakaba access manager
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
CVE-2025-59104
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
EUVD-2025-206371
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
PT-2026-4754
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
CVE-2026-24049 vulnerabilities
Vulnerabilities for packages: py3-virtualenv, airflow, emissary, aws-cli, open-webui, pypy-3.11, dask-kubernetes, semgrep, superset, kubeflow-jupyter-web-app, pip-zipapp, pypy-3.10, tensorflow-cpu-jupyter, kubeflow-katib, py3-setuptools, mlflow, datadog-agent, kserve...
CVE-2026-24049 vulnerabilities
Vulnerabilities for packages: text-generation-inference, datadog-agent, nemo, kserve, py3-virtualenv, py3.9-setuptools, tritonserver-backend-vllm-cuda-12.9, py3-setuptools, pip-zipapp, ansible-operator-fips, opal, request-1276, tensorflow-gpu-jupyter, dask-kubernetes, spamcheck, authentik-fips,...
CVE-2026-23831 vulnerabilities
Vulnerabilities for packages: flux-source-controller, buildkitd, cosign, image-factory-fips, cosign-fips, kyverno, gitsign, tekton-chains, tflint, zot, ratify, crossplane, policy-controller-fips, skaffold-fips, vexctl, kyverno-policy-reporter-plugins-kyverno, falcoctl, teleport, tekton-chains-fip...
Security update for azure-cli-core
This update for azure-cli-core fixes the following issues: CVE-2025-24049: Fix improper neutralization of special elements used in a command which allows an unauthorized attacker to elevate privileges locally. bsc1239460 Patch Instructions: To install this SUSE update use the SUSE recommended...
[SECURITY] Fedora 42 Update: hcloud-1.59.0-1.fc42
A command-line interface for Hetzner Cloud...
openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand
A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code executi...
Azure Linux 3.0 Security Update: librabbitmq (CVE-2023-35789)
The version of librabbitmq installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-35789 advisory. - An issue was discovered in the C AMQP client library aka rabbitmq-c through 0.13.0 for RabbitMQ...
Azure Linux 3.0 Security Update: gh (CVE-2025-25204)
The version of gh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-25204 advisory. - gh is GitHub's official command line tool. Starting in version 2.49.0 and prior to version 2.67.0, under certain...
EUVD-2026-4138
@backstage/cli-common has a possible resolveSafeChildPath Symlink Chain Bypass...
CVE-2026-21939
Vulnerability in the SQLcl component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where SQLcl executes to compromise SQLcl. Successful attacks require human...
MiracleLinux 9 : python-wheel-0.36.2-8.el9 (AXSA:2023-6974:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6974:01 advisory. python-wheel: remote attackers can cause denial of service via attacker controlled input to wheel cli CVE-2022-40898 Tenable has extracted the preceding...
Linux Distros Unpatched Vulnerability : CVE-2026-23535
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when...