IdMap from_iter may lead to uninitialized memory being freed on drop

Due to a flaw in the constructor idmap::IdMap::fromiter, ill-formed objects may be created in which the amount of actually initialized memory is less than what is expected by the fields of IdMap. Specifically, the field ids is initialized based on the capacity of the vector values, which is...

Linux Distros Unpatched Vulnerability : CVE-2019-1010057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component...

Linux Distros Unpatched Vulnerability : CVE-2022-1193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details...

Linux Distros Unpatched Vulnerability : CVE-2022-35069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e. CVE-2022-35069 Note that Nessus relies on the presenc...

Linux Distros Unpatched Vulnerability : CVE-2023-2030

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attack...

Linux Distros Unpatched Vulnerability : CVE-2024-0231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft ...

Linux Distros Unpatched Vulnerability : CVE-2022-35065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. CVE-2022-35065 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2022-35060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32. CVE-2022-35060 Note that Nessus relies on the presenc...

CVE-2025-55192

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVE-2025-38511

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...

Linux Distros Unpatched Vulnerability : CVE-2022-50067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: unset reloc control if transaction commit fails in preparetorelocate In btrfsrelocateblockgroup, the rc is allocated. Then btrfsrelocateblockgroup calls...

Linux Distros Unpatched Vulnerability : CVE-2024-35882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his sma...

Malicious code in pre-commit-message-test (npm)

The package pre-commit-message-test was found to contain malicious code...

MAL-2025-29604 Malicious code in pre-commit-message-test (npm)

The package pre-commit-message-test was found to contain malicious code...

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVE-2025-55192

HomeAssistant-Tapo-Control exposes a code injection vulnerability in its GitHub Actions workflow .github/workflows/issues.yml, prior to commit 2a3b80f. The workflow directly inserts user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper saniti...

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

RUSTSEC-2025-0049 User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...

PT-2025-34580 · Crates.Io · Scratchpad

The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...