Lucene search

4049 matches found

RedhatCVE
added 2025/05/23 1:43 a.m. | 6 views

CVE-2023-20995

In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...

CVSS 7.8 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:4 p.m. | 7 views

CVE-2021-37188

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware because the bootloader does not verify that it is authentic, changing the behavior of the gateway...

CVSS 8.8 | AI score 7 | EPSS 0.00465
Exploits: 0 | References: 1

AlmaLinux
added 2025/05/19 12:0 a.m. | 25 views

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 | AI score 7.1 | EPSS 0.00693
Exploits: 0 | References: 4

RedHat Linux
added 2025/05/06 4:43 p.m. | 34 views

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 7.5 | AI score 6.8 | EPSS 0.00693
Exploits: 0 | References: 2

The Hacker News
added 2025/04/24 11:27 a.m. | 23 views

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to...

AI score 6.5
Exploits: 0

CNNVD
added 2025/03/28 12:0 a.m. | 2 views

OneNav Security Vulnerability

OneNav is a bookmark management tool from OneNav, Inc. A security vulnerability exists in OneNav version 1.1.0 that stems from a server-side request forgery in a customized header...

CVSS 5.4 | AI score 6.8 | EPSS 0.00216
Exploits: 1 | References: 1

CNNVD
added 2025/03/28 12:0 a.m. | 3 views

OneNav Security Vulnerability

OneNav is a bookmark management tool from OneNav, Inc. A security vulnerability exists in OneNav version 1.1.0, which originates from cross-site scripting in customized headers...

CVSS 5.5 | AI score 6.2 | EPSS 0.00198
Exploits: 1 | References: 1

Github Security Blog
added 2025/03/20 12:32 p.m. | 12 views

Ollama Divide By Zero vulnerability

A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack...

CVSS 7.5 | AI score 6.7 | EPSS 0.13476
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2025/03/20 10:15 a.m. | 13 views

CVE-2025-0312

A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 1

CVE
added 2025/03/20 10:9 a.m. | 66 views

CVE-2025-0315

CVE-2025-0315 affects Ollama (github.com/ollama/ollama) versions

CVSS 7.5 | AI score 7.5 | EPSS 0.00672
Exploits: 1 | References: 1 | Affected Software: 1

Rockylinux
added 2025/03/17 8:16 p.m. | 12 views

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. A service for building customized OS artifacts, such as VM images an...

CVSS 7.5 | AI score 8.3 | EPSS 0.01127
Exploits: 0

OSV
added 2025/03/17 8:16 p.m. | 10 views

RLSA-2024:9456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 | AI score 7.9 | EPSS 0.01127
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/04 10:24 p.m. | 4 views

CVE-2024-53740

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSwings WooCommerce Ultimate Gift Card (woocommerce-ultimate-gift-card) allows Reflected XSS. This issue affects WooCommerce Ultimate Gift Card: from n/a through 2.9.1...

CVSS 7.1 | AI score 7.2 | EPSS 0.00245
Exploits: 0 | References: 1

CNNVD
added 2024/12/12 12:0 a.m. | 4 views

GitLab Input Validation Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. An input validation error vulnerability exists in GitLab that stems from a...

CVSS 6.4 | AI score 6.7 | EPSS 0.00373
Exploits: 1 | References: 2

The Hacker News
added 2024/12/11 11:0 a.m. | 6 views

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air...

AI score 7.5
Exploits: 0

NVD
added 2024/12/02 2:15 p.m. | 20 views

CVE-2024-53740

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSwings WooCommerce Ultimate Gift Card (woocommerce-ultimate-gift-card) allows Reflected XSS. This issue affects WooCommerce Ultimate Gift Card: from n/a through 2.9.1...

CVSS 7.1 | EPSS 0.00245
Exploits: 0 | References: 1

AlmaLinux
added 2024/11/12 12:0 a.m. | 21 views

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 | AI score 7.9 | EPSS 0.01127
Exploits: 0 | References: 4

AlmaLinux
added 2024/09/26 12:0 a.m. | 30 views

Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 | AI score 7.8 | EPSS 0.01127
Exploits: 0 | References: 4

Redos
added 2024/06/11 12:0 a.m. | 41 views

ROS-20240611-12

Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...

CVSS 7.5 | AI score 7.1 | EPSS 0.02626
Exploits: 0

OSV
added 2024/05/22 12:0 a.m. | 16 views

ALSA-2024:2961 Moderate: Image builder components bug fix, enhancement and security update

Image Builder is a service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Security Fixes: osbuild-composer: race condition may disable GPG verification for package repositories (CVE-2024-2307). For more details about the security issues,...

CVSS 6.1 | AI score 6.1 | EPSS 0.00188
Exploits: 0 | References: 4