7280 matches found
MiracleLinux 4 : libguestfs-1.7.17-17.0.1.AXS4 (AXSA:2011-500:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-500:01 advisory. Libguestfs is a library for accessing and modifying guest disk images. Amongst the things this is good for: making batch configuration changes to guests,...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000585)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000585 advisory. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the...
MiracleLinux 4 : libvirt-0.9.10-21.5.0.1.AXS4 (AXSA:2012-975:04)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-975:04 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001759)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001759 advisory. Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE...
MiracleLinux 4 : rsyslog-5.8.10-2.AXS4 (AXSA:2012-586:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-586:02 advisory. Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine...
AZL-74315 CVE-2025-68767 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...
CVE-2025-68767
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...
UBUNTU-CVE-2025-68767
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...
CVE-2025-68767 hfsplus: Verify inode mode when loading from disk
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...
CVE-2025-68767
The CVE-2025-68767 case affects the Linux kernel’s hfsplus inode loading: if the 16-bit mode field read from disk is corrupted and non-zero, the i_mode S_IFMT bits may become bogus. When mode is not 0, the file type is derived as: dir==1 → S_IFDIR; dir==0 → one of S_IFREG, S_IFLNK, S_IFCHR, S_IFB...
CVE-2025-68767
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...
CVE-2025-68767 hfsplus: Verify inode mode when loading from disk
In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted. According to [1], the permissions...
Astra Linux – Vulnerability in zziplib
An issue was discovered in the function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which may lead to a denial-of-service...
MiracleLinux 8 : thunderbird-128.12.0-1.el8_10.ML.1 (AXSA:2025-10437:13)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10437:13 advisory. thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links CVE-2025-5986 Tenable has extracted the precedin...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unvalidated mode field when loading an inode from disk, which could lead to file type corruption...
MiracleLinux 9 : thunderbird-128.12.0-1.el9_6.ML.1 (AXSA:2025-10676:17)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10676:17 advisory. thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links CVE-2025-5986 Tenable has extracted the precedin...
Deserialization of Untrusted Data
Overview: llama-index is an Interface between LLMs and your data. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load_from_disk function. An attacker can execute arbitrary code by supplying a crafted multi_embed_store.pkl file in a user-controlled director...
CVE-2024-14021 LlamaIndex <= 0.11.6 BGEM3Index Unsafe Deserialization
LlamaIndex run-llama/llama_index versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk in llama_index/indices/managed/bgem3/base.py. The function uses pickle.load to deserialize multi_embed_store.pkl from a user-supplied persist_dir without...
CVE-2024-14021
Summary: CVE-2024-14021 affects LlamaIndex up to 0.11.6, where BGEM3Index.load_from_disk() deserializes multi_embed_store.pkl from a user-supplied persist_dir using pickle.load() without validation, enabling arbitrary code execution when the index is loaded from disk. This is reported across mult...
udev Persistence
This module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It'll be executed with root privileges every time a network interface other than l0 comes up. Execution is triggered through the at command, so it must be installed on the target. Module Options msf use...