1269 matches found
Updated konsole packages fix security vulnerability
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...
OSV-SCALIBR has NULL Pointer Dereference
A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic index out of range and an application crash denial of service in OSV-SCALIBR...
CVE-2025-13425
A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic index out of range and an application crash denial of service in OSV-SCALIBR...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 9 : Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update (Moderate) (RHSA-2025:21768)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:21768 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Manage...
UBUNTU-CVE-2025-40199
In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix PPMAGICMASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PPMAGICMASK let to crashes on boot on his 32-bit parisc machine. The cause of this is the mask is set too wide, so the...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
CVE-2025-64439 LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer
LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. In versions 2.1.2 and below, the JsonPlusSerializer used as the default serialization protocol for all checkpointing contains a Remote Code Execution RCE...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989330)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989330 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fai...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990270)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990270 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fai...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988850)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988850 advisory. In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk-sksockkern...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: make the fallback action and decision atomic. Syzkaller reported the following errors: WARNING: CPU: 1 PID: 7704 at net/mptcp/protocol.h:1223 mptcpdofallback net/mptcp/protocol.h:1223 inline WARNING: CPU: 1 PID: 7704 at...
EUVD-2025-37219
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...
CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...
CVE-2025-34272
Nagios Log Server (pre-2024R2.0.3) has a defect where deleting a user’s configured default dashboard may not fall back reliably to an empty default dashboard, potentially showing an unintended default view. This can lead to information exposure or unintended privilege exposure depending on dashbo...
CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...