2184 matches found
CVE-2025-34469
CVE-2025-34469 affects Cowrie before 2.9.0. In emulated shell mode, the wget and curl commands perform real outbound HTTP requests, enabling unauthenticated attackers to generate unbounded traffic to arbitrary targets. This SSRF can turn the Cowrie honeypot into a denial-of-service amplification ...
EUVD-2025-204642
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992777)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992777 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992318)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992318 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes...
AZL-73201 CVE-2025-14180 affecting package php for versions less than 8.3.29-1
In PHP versions 8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTREMULATEPREPARES enabled, an invalid character sequence such as \x99 in a prepared statement parameter may cause the quoting function...
CVE-2025-14180
CVE-2025-14180 affects PHP’s PDO PostgreSQL driver when using PDO::ATTR_EMULATE_PREPARES and can cause a NULL return from PQescapeStringConn on certain invalid parameter sequences, leading to a NULL pointer dereference in pdo_parse_params() and potential server crashes. Connected advisories confi...
SCyTAG: Scalable Cyber-Twin for Threat-Assessment Based on Attack Graphs
Understanding the risks associated with an enterprise environment is the first step toward improving its security. Organizations employ various methods to assess and prioritize the risks identified in cyber threat intelligence CTI reports that may be relevant to their operations. Some methodologi...
UBUNTU-CVE-2023-54116
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, wi...
CVE-2023-54116 drm/fbdev-generic: prohibit potential out-of-bounds access
In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+ast2400 platform, wi...
EUVD-2025-205087
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367
CVE-2025-68367 is a Linux kernel race in mac_hid_toggle_emumouse where two processes concurrently write to mac_hid emulation, each reading old_val=0 outside the mutex and both registering the input handler, causing a double list_add. The fix moves the old_val read inside the mutex-protected regio...
CVE-2025-68367
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
In the Linux kernel, the following vulnerability has been resolved: macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------ cut here ------------ listadd double add:...
Linux Distros Unpatched Vulnerability : CVE-2025-68367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - macintosh/machid: fix race condition in machidtoggleemumouse The following warning appears when running syzkaller, and this issue also exists in the mainline...
SUSE-SU-2025:4505-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb-len != 0 when redirecting to a tunneling device bsc1249912. - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in...
Server-side Request Forgery (SSRF)
Overview cowrie is a Cowrie SSH/Telnet Honeypot. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the emulation of wget and curl commands in shell mode. An attacker can cause the system to send arbitrary HTTP requests to external hosts by repeatedly invokin...
GHSA-83JG-M2PM-4JXJ Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Summary A Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details When Cowrie operates in emulated shell...