15 matches found
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Nova vulnerability (USN-8049-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8049-1 advisory. Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use th...
CVE-2026-24708
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...
Malicious code in @dev-blinq/blinqioclient (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a1d417e283165e25dc75c9510f4bcdde80854ca5600090b4de220548e72ae1 The package @dev-blinq/blinqioclient was found to contain malicious code. Source: google-open-source-security...
MAL-2025-191375 Malicious code in @voiceflow/stitches-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06695269b63d5e1d5d67fbf2ec3e8ba8a46439f10a30ca584e674ad93dbf53f1 The package @voiceflow/stitches-react was found to contain malicious code. Source: ghsa-malware...
MAL-2025-190786 Malicious code in typeorm-orbit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1ef9bad1469b974150720a17445c8403c0b0cd2bd2dbb393948afc47f102f95 The package typeorm-orbit was found to contain malicious code. Source: ghsa-malware a8e95331758f44ad97cde664359ec7ba72c0ad0c10caeaf02926a6007d23bb7f...
CVE-2025-40068
In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflow in rununpack The MFT record relative to the file being opened contains its runlist, an array containing information about the file's location on the physical disk. Analysis of all Call Stack paths...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to properly handle the firmware return result of a QP/RQ destruction, which could result in the...
Linux Distros Unpatched Vulnerability : CVE-2025-30215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11....
Linux Distros Unpatched Vulnerability : CVE-2025-38356
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Explicitly exit CT safe mode on unwind During driver probe we might be briefly...
Embedded Malicious Package
Overview @toptal/picasso-tailwind is a malicious package. through the preinstall and postinstall scripts. A potentially compromised account operating in Toptal's GitHub organization exposed an AWS token, leading to the account being taken over. This allowed the attackers to expose private...
BIT-NATS-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
AZL-60406 CVE-2025-30215 affecting package telegraf for versions less than 1.31.0-9
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2025-30215 NATS-Server Fails to Authorize Certain Jetstream Admin APIs
NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27 and 2.11.1, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially expose...
CVE-2021-38941
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048...
OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink
source: https://www.securityfocus.com/bid/1232/info A vulnerability exists in OpenLDAP as shipped with some versions of Linux, including RedHat 6.1 and 6.2, and TurboLinux 6.0.2 and earlier. OpenLDAP will create files in /usr/tmp, which is actually a symbolic link to the world writable /tmp...