
128 matches found

IBM Security Bulletins
added 2025/09/04 12:54 p.m. · 10 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025-2667)

Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability. Vulnerability Details: CVEID: CVE-2025-2667. DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could disclose sensitive system information about the server to a privileged...

4.9 CVSS · 5.8 AI score · 0.00243 EPSS
Exploits: 0 · Affected Software: 1
Cvelist
added 2025/09/03 1:1 p.m. · 8 views

CVE-2025-38678 netfilter: nf_tables: reject duplicate device on updates

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates. A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is found, leaving...

0.00202 EPSS
Exploits: 1 · References: 7
Tenable Nessus
added 2025/08/27 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-1817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS...

8.8 CVSS · 7.1 AI score · 0.01784 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2025/08/20 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-27407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21,...

9 CVSS · 7.5 AI score · 0.02865 EPSS
Exploits: 2 · References: 3
Tenable Nessus
added 2025/08/19 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-11307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltrati...

9.8 CVSS · 7.2 AI score · 0.05683 EPSS
Exploits: 0 · References: 2
NVD
added 2025/06/24 9:15 p.m. · 4 views

CVE-2025-52572

Hikka, a Telegram userbot, has a vulnerability that affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

10 CVSS · 0.00619 EPSS
Exploits: 0 · References: 2
vulnersOsv
added 2025/06/04 3:30 a.m. · 5 views

@activfinancial/activ-workstation (>=0.3.0 <=0.4.35), @activfinancial/time-series-chart (>=0.3.40 <=0.3.51) +36 more potentially affected by CVE-2025-49223 via billboard.js (>=1.0.1 <=3.14.0)

billboard.js NPM version =1.0.1, =0.3.0, =0.3.40, =3.0.0, =0.0.55, =1.0.0, =1.0.0, =4.0.0, =1.0.0, =1.0.0, =0.0.1-alpha.1, =5.4.0, =1.5.0, =2.0.0 and more Source cves: CVE-2025-49223 Source advisory: OSV:GHSA-65P9-J6PG-72HJ...

9.8 CVSS · 5.8 AI score · 0.00725 EPSS
Exploits: 1
OpenVAS
added 2025/05/07 12:0 a.m. · 3 views

Ensure That All Groups Exist in /etc/passwd

All user groups in /etc/passwd must exist in the /etc/group file. If the administrator manually modifies the two files, the user groups may be incorrectly set due to human errors. If a user group in /etc/passwd does not exist in /etc/group, risks of user group permission management may occur...

6.8 AI score
Exploits: 0 · References: 4
OSSF Malicious Packages
added 2025/05/06 6:38 a.m. · 2 views

Malicious code in vue-highcharts-official (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77cfc02c501427a852db092cefc7ba8db24e59e250528d0ccc163e6b328097fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0 · References: 4
OSV
added 2025/03/27 5:15 p.m. · 0 views

UBUNTU-CVE-2023-52938

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Don't attempt to resume the ports before they exist. This will fix null pointer dereference that was caused by the driver attempting to resume ports that were not yet registered...

5.5 CVSS · 6.3 AI score · 0.00184 EPSS
Exploits: 0 · References: 5
Packet Storm News
added 2025/03/17 12:0 a.m. · 5 views

PowerVR DEVMEMXINT_RESERVATION::ppsPMR Lock Failure

The array ppsPMR in DEVMEMXINT_RESERVATION holds references to PMR structures using PMRRefPMR2, intending to prevent the PMRs' physical memory from being released. However, PMRs with PVRSRVMEMALLOCFLAGNOOSPAGESONALLOC which for OSMem PMRs internally translates to FLAGONDEMAND can release their...

8.4 CVSS · 6.6 AI score · 0.00113 EPSS
Exploits: 0
Tenable Nessus
added 2025/03/05 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-3297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use After Free in GitHub repository vim/vim prior to 9.0.0579. CVE-2022-3297 Note that Nessus relies on the presence of the package as reported by the vendor...

7.8 CVSS · 6.9 AI score · 0.00482 EPSS
Exploits: 1 · References: 4
Tenable Nessus
added 2025/03/05 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2023-4738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. CVE-2023-4738 Note that Nessus relies on the presence of the package as reported by t...

7.8 CVSS · 7.4 AI score · 0.006 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-37765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gfdumpvrmlsffield function at /lib/libgpac.so. CVE-2023-37765...

5.5 CVSS · 5.6 AI score · 0.00305 EPSS
Exploits: 1 · References: 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 13 views

Linux Distros Unpatched Vulnerability : CVE-2017-15874

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - archival/libarchive/decompressunlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. CVE-2017-15874 Note that Nessus relies ...

5.5 CVSS · 6.2 AI score · 0.00902 EPSS
Exploits: 1 · References: 2
Tenable Nessus
added 2025/03/04 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2018-18384

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size...

5.5 CVSS · 6.3 AI score · 0.02586 EPSS
Exploits: 1 · References: 2
OSV
added 2025/01/28 2:15 a.m. · 0 views

UBUNTU-CVE-2024-45339

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

7.1 CVSS · 7.2 AI score · 0.0027 EPSS
Exploits: 0 · References: 7
OSV
added 2024/12/24 10:15 a.m. · 1 views

DEBIAN-CVE-2024-53240

In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device. When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been set up again, causing a crash during the attempt to stop the queues...

5.7 CVSS · 5.7 AI score · 0.00597 EPSS
Exploits: 0 · References: 1
NVD
added 2024/10/31 8:15 p.m. · 33 views

CVE-2024-39719

An issue was discovered in Ollama through 0.3.14. File existence disclosure can occur via api/create. When calling the CreateModel route with a path parameter that does not exist, it reflects the "File does not exist" error message to the attacker, providing a primitive for file existence on the...

7.5 CVSS · 0.04089 EPSS
Exploits: 2 · References: 1
Kaspersky
added 2024/10/08 12:0 a.m. · 8 views

KLA77354 DoS vulnerability in Wireshark

Denial of service vulnerability was found in Wireshark. Malicious users can exploit this vulnerability to cause denial of service. Original advisories: wnpa-sec-2024-13 · AppleTalk and RELOAD Framing dissector crashes. Exploitation: Public exploits exist for this vulnerability. Related products...

7.8 CVSS · 6.9 AI score · 0.00306 EPSS
Exploits: 0 · References: 3