Security Bulletin: Multiple Vulnerabilities in IBM watsonx Code Assistant IDE Extensions
Summary: Multiple vulnerabilities were addressed in IBM watsonx Code Assistant IDE Extensions (VS Code - V1.8.2, Eclipse IDE - 1.4.1). Vulnerability Details: CVEID: CVE-2025-31125. DESCRIPTION: Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using...
Malicious code in zlib1g-dev (PyPI)
--- -= Per source details. Do not edit below this line.=-...
kernel: media: uvcvideo: Fix double free in error path
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path. If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in...
Linux Distros Unpatched Vulnerability : CVE-2023-0760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. CVE-2023-0760 Note that Nessus relies on the presence of the package as reported ...
Linux Distros Unpatched Vulnerability : CVE-2023-0819
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. CVE-2023-0819 Note that Nessus relies on the presence of the package as reported ...
Linux Distros Unpatched Vulnerability : CVE-2022-1035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. CVE-2022-1035 Note that Nessus relies on the presence of the package...
Linux Distros Unpatched Vulnerability : CVE-2020-6107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can...
ai-dynamo-vllm (>=0.8.4 <=0.8.4.post4), arbor-ai (>=0.2.2 <=0.2.4) +35 more potentially affected by CVE-2025-57809 via xgrammar (>=0.1.11 <=0.1.19)
xgrammar PYPI version =0.1.11, =0.8.4, =0.2.2, =0.0.2, =0.1.1, =0.1.1, =0.0.2, =1.1.4, =0.1.1, =0.2.0a1, =0.1.2, =0.0.7, =0.0.24 and more Source cves: CVE-2025-57809 Source advisory: OSV:GHSA-5CMR-4PX5-23PC...
PoDoFo Security Vulnerability
PoDoFo is a free, portable, open-source C++ library. A security vulnerability exists in PoDoFo version 1.1.0-dev, which originates from a use-after-free in the PdfTokenizer::DetermineDataType function in the src/podofo/main/PdfTokenizer.cpp file...
PT-2025-34570 · Podofo +1 · Podofo +1
Name of the Vulnerable Software and Affected Versions: PoDoFo version 1.1.0-dev Description: A flaw has been identified in the PDF Dictionary Parser component of PoDoFo. The issue resides within the PdfTokenizer::DetermineDataType function in the file src/podofo/main/PdfTokenizer.cpp. Manipulatio...
CVE-2025-57753
vite-plugin-static-copy is rollup-plugin-copy for Vite with dev server support. Files not included in src are accessible with a crafted request. The vulnerability is fixed in 2.3.2 and 3.1.2...
vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Summary: Files not included in `src` were possible to access with a crafted request. Impact: Only apps explicitly exposing the Vite dev server to the network using the `--host` or `server.host` config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details: Consider the...
GHSA-PP7P-Q8FX-2968 vite-plugin-static-copy files not included in `src` are possible to access with a crafted request
Summary: Files not included in `src` were possible to access with a crafted request. Impact: Only apps explicitly exposing the Vite dev server to the network using the `--host` or `server.host` config option are affected. Arbitrary files can be disclosed by exploiting this vulnerability. Details: Consider the...
Directory Traversal
Overview: vite-plugin-static-copy is a rollup-plugin-copy for Vite with dev server support. Affected versions of this package are vulnerable to Directory Traversal via the viaLocal function. An attacker can access arbitrary files on the server by sending crafted HTTP requests that exploit path...
Security update for net-tools
This update for net-tools fixes the following issues: Provide more readable error for interface name size checking bsc1243581 Perform bound checks when parsing interface labels in /proc/net/dev bsc1243581, bsc1246608. CVE-2025-46836 Patch Instructions: To install this SUSE update use the SUSE...
PT-2025-34242 · Vite · Vite-Plugin-Static-Copy
Name of the Vulnerable Software and Affected Versions: vite-plugin-static-copy versions prior to 2.3.2 vite-plugin-static-copy versions prior to 3.1.2 Description: The vite-plugin-static-copy plugin for Vite allows access to files not included in the src directory through a crafted request. This...
@n8n/task-runner (>=1.37.0 <=1.42.3), n8n-node-dev (>=1.0.0 <=1.104.3) +10 more potentially affected by CVE-2025-57749 via n8n-core (>=1.0.0 <=1.105.3)
n8n-core NPM version =1.0.0, =1.37.0, =1.0.0, =0.1.0, =0.3.3, =0.3.1, =1.1.0, =0.1.4, =0.4.10, =0.2.0, =0.1.0, =0.4.28 Source cves: CVE-2025-57749 Source advisory: SNYK:JS-N8NCORE-12081401...
CLSA-2025-1755681073 Update of systemd
Fix deleting job when iSCSI used - /dev/lve is added into the list of private devices...
SUSE CVE-2025-38555
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fix use-after-free in composite_dev_cleanup(). 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure t...
SUSE CVE-2025-38589
In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). kernel test robot reported null-ptr-deref in neigh_flush_dev(). [0] The cited commit introduced per-netdev neighbour list and converted neigh_flush_dev() to use it instead of the global hash...