Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003780)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003780 advisory. Memory leaks in createresourcepool functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003997)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003997 advisory. Memory leaks in createresourcepool functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000445)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000445 advisory. Memory leaks in createresourcepool functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service...

Denial Of Service (DoS)

github.com/siderolabs/omni is vulnerable to Denial of service DoS. The vulnerability is due to improper validation of the resource metadata field in the isSensitiveSpec function, followed by an unchecked call to CreateResource, which allows an attacker to send empty create/update requests...

GO-2025-4021 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni

Omni is Vulnerable to DoS via Empty Create/Update Resource Requests in github.com/siderolabs/omni...

CVE-2025-59836

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...

Arbitrary File Write

github.com/usememos/memos is vulnerable to arbitrary file write. The vulnerability is due to improper validation of file paths in the CreateResource endpoint when storing objects locally, which allows an attacker to create files with path traversal sequences and write arbitrary files on the serve...

PT-2025-41805

Name of the Vulnerable Software and Affected Versions Omni versions prior to 1.1.5 Omni version 1.0.2 Description Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. A nil pointer dereference in the Omni Resource Service allows unauthenticated users to cause a server panic and...

EUVD-2018-13368

Malware in sbrugna...

SUSE CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

PT-2025-36654

Memos Vulnerable to Path Traversal via the CreateResource Endpoint in github.com/usememos/memos...

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

Memos Vulnerable to Path Traversal via the CreateResource Endpoint

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

GHSA-78J5-8VQ7-JXV5 Memos Vulnerable to Path Traversal via the CreateResource Endpoint

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the filepathTemplate parameter in the CreateResource endpoint, when objects are stored locally. An authenticated attacker can write arbitrary files to the server filesystem by submitting a crafted filename...

CVE-2025-56760

When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server...

CVE-2025-56760

CVE-2025-56760 affects Memos 0.22 when configured to store objects locally. The vulnerability arises from a path traversal sequence in the CreateResource endpoint name, enabling arbitrary file writes on the server. CVSSv3.1 metrics indicate Network access, Low attack complexity, and Low privilege...

Security Bulletin: UrbanCode Deploy users with create-resource permission for the standard resource type may create child resources inheriting custom types (CVE-2022-22315).

Summary Users in UrbanCode Deploy with create-resource permission for the standard resource type but not for a custom resource type, may create child resources inheriting that custom type. Vulnerability Details CVEID: CVE-2022-22315 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticat...