Lucene search

17 matches found

OSV
added 2026/03/04 9:30 p.m. | 3 views

GHSA-WCCX-J62J-R448 Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

Assessment: The missing pickle entrypoints pickle.loads, _pickle.loads, and pickle.load were added to the hook https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report. Summary: fickling.always_check_safety does not hook all pickle entry points...

9.3 CVSS | 6.1 AI score
Exploits 0 | References 4
Github Security Blog
added 2026/03/04 9:30 p.m. | 6 views

Fickling has `always_check_safety()` bypass: pickle.loads and _pickle.loads remain unhooked

Assessment: The missing pickle entrypoints pickle.loads, _pickle.loads, and pickle.load were added to the hook https://github.com/trailofbits/fickling/commit/8c24c6edabceab156cfd41f4d70b650e1cdad1f7. Original report. Summary: fickling.always_check_safety does not hook all pickle entry points...

6.1 AI score
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/01/15 10:58 p.m. | 2 views

GHSA-CWJM-3F7H-9HWQ Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Impact: There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many...

5.9 CVSS | 6.9 AI score | 0.00321 EPSS
Exploits 0 | References 6
Github Security Blog
added 2026/01/15 10:58 p.m. | 8 views

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Impact: There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many...

7.5 CVSS | 7 AI score | 0.00321 EPSS
Exploits 0 | References 6 | Affected Software 2
OSV
added 2025/11/25 6:12 p.m. | 3 views

GO-2025-4151 SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb

SpiceDB: LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results in github.com/authzed/spicedb...

6.3 CVSS | 6.9 AI score | 0.0019 EPSS
Exploits 0 | References 2
Cvelist
added 2025/11/21 10:2 p.m. | 6 views

CVE-2025-65111 SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...

6.3 CVSS | 0.0019 EPSS
Exploits 0 | References 2
EUVD
added 2025/11/21 10:2 p.m. | 3 views

EUVD-2025-198499

SpiceDB is an open source database system for creating and managing security-critical application permissions. Prior to version 1.47.1, if a schema includes the following characteristics: permission defined in terms of a union + and that union references the same relation on both sides but one si...

6.3 CVSS | 6.2 AI score | 0.0019 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a...

6.6 CVSS | 6.5 AI score | 0.00649 EPSS
Exploits 1 | References 2
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read...

9.1 CVSS | 7.1 AI score | 0.0083 EPSS
Exploits 1 | References 2
SUSE CVE
added 2023/02/15 3:34 a.m. | 2 views

SUSE CVE-2022-1283

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service application crash...

5.5 CVSS | 6.1 AI score | 0.00649 EPSS
Exploits 1 | References 3
SUSE CVE
added 2023/02/15 3:34 a.m. | 2 views

SUSE CVE-2022-1297

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...

9.1 CVSS | 7.7 AI score | 0.0083 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2022/04/11 12:15 p.m. | 2 views

CVE-2022-1297

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...

9.1 CVSS | 7.1 AI score | 0.0083 EPSS
Exploits 1 | References 3
OSV
added 2022/04/11 12:15 p.m. | 0 views

UBUNTU-CVE-2022-1297

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash...

9.1 CVSS | 7 AI score | 0.0083 EPSS
Exploits 1 | References 4
CNNVD
added 2022/04/11 12:0 a.m. | 6 views

radare2 Buffer Error Vulnerability

Radare2 is a set of libraries and tools for working with binary files. A buffer overflow vulnerability exists in versions of Radare2 prior to 5.6.8, which stems from out-of-bounds application reads of the r_bin_ne_get_entrypoints function. An attacker could exploit this vulnerability to read sensitive...

9.1 CVSS | 6 AI score | 0.0083 EPSS
Exploits 1 | References 3
ATTACKERKB
added 2022/04/08 6:15 p.m. | 2 views

CVE-2022-1283

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service application crash...

6.6 CVSS | 6.5 AI score | 0.00649 EPSS
Exploits 1 | References 3
OSV
added 2022/04/08 6:15 p.m. | 1 views

UBUNTU-CVE-2022-1283

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service application crash...

6.6 CVSS | 6.6 AI score | 0.00649 EPSS
Exploits 1 | References 4
CNNVD
added 2022/04/08 12:0 a.m. | 2 views

radare2 Code Issue Vulnerability

radare2 is a set of libraries and tools for working with binary files. radareorg A code issue vulnerability exists in radare2 versions prior to 5.6.8 that stems from a null pointer dereference in the r_bin_ne_get_entrypoints function. An attacker can cause a denial of service via this vulnerability...

6.6 CVSS | 8.4 AI score | 0.00649 EPSS
Exploits 1 | References 4