
4108 matches found

Tenable Nessus
added 2025/09/17 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its...

CVSS 7.8 | AI score 5.8 | EPSS 0.00148
Exploits: 0 | References: 2
OSV
added 2025/09/16 1:15 p.m. | 1 views

UBUNTU-CVE-2025-39821

In the Linux kernel, the following vulnerability has been resolved: perf: Avoid undefined behavior from stopping/starting inactive events Calling pmu->start/stop on perf events in PERF_EVENT_STATE_OFF can leave event->hw.idx at -1. When PMU drivers later attempt to use this negative index as a shift...

CVSS 7.8 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 5
Packet Storm News
added 2025/09/16 12:0 a.m. | 4 views

A Graph-Based Approach to Alert Contextualisation in Security Operations Centres

Interpreting the massive volume of security alerts is a significant challenge in Security Operations Centres (SOCs). Effective contextualisation is important, enabling quick distinction between genuine threats and benign activity to prioritise what needs further analysis. This paper proposes a...

AI score 6.8
Exploits: 0
OSV
added 2025/09/15 2:15 p.m. | 0 views

UBUNTU-CVE-2023-53187

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of new block group that became unused If a task creates a new block group and that block group becomes unused before we finish its creation, at btrfs_create_pending_block_groups, then when btrfs_mark_bg_unused ...

CVSS 7.8 | AI score 5.7 | EPSS 0.00148
Exploits: 0 | References: 6
OSV
added 2025/09/15 2:6 p.m. | 2 views

CVE-2023-53192 vxlan: Fix nexthop hash size

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix nexthop hash size The nexthop code expects a 31 bit hash, such as what is returned by fib_multipath_hash and rt6_multipath_hash. Passing the 32 bit hash returned by skb_get_hash can lead to problems related to the fact that...

CVSS 7.8 | AI score 4.9 | EPSS 0.00154
Exploits: 0 | References: 8
OSV
added 2025/09/15 2:4 p.m. | 3 views

CVE-2023-53169 x86/resctrl: Clear staged_config[] before and after it is used

In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear staged_config[] before and after it is used As a temporary storage, staged_config[] in rdt_domain should be cleared before and after it is used. The stale value in staged_config[] could cause an MSR access error. Here is...

CVSS 5.5 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 7
CVE
added 2025/09/15 2:4 p.m. | 19 views

CVE-2023-53169

CVE-2023-53169 concerns the Linux kernel resctrl path (x86/resctrl) where the rdt_domain’s staged_config[] was not cleared before/after use, allowing stale values to cause an MSR access error (WRMSR to 0xca0) when creating resource groups under CDP. The report describes resctrl_arch_update_domain...

CVSS 5.5 | AI score 6.1 | EPSS 0.00145
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/09/14 11:22 a.m. | 9 views

CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 2.1 | AI score 6.7 | EPSS 0.00169
Exploits: 0 | References: 1
The Hacker News
added 2025/09/13 9:4 a.m. | 13 views

FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks

The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for orchestrating a string of data theft and extortion attacks. "Both groups have recently been observed targeting...

AI score 6.8
Exploits: 0
RedhatCVE
added 2025/09/12 1:20 p.m. | 3 views

CVE-2025-10224

Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...

CVSS 7.1 | AI score 6.9 | EPSS 0.00304
Exploits: 0 | References: 1
OSV
added 2025/09/12 11:47 a.m. | 4 views

BIT-NIFI-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

CVSS 5.4 | AI score 6.8 | EPSS 0.03042
Exploits: 0 | References: 3
OSV
added 2025/09/12 11:46 a.m. | 5 views

BIT-NIFI-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

CVSS 8.8 | AI score 7.6 | EPSS 0.03649
Exploits: 0 | References: 3
AlpineLinux
added 2025/09/12 11:15 a.m. | 6 views

CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 3.5 | AI score 6.9 | EPSS 0.00169
Exploits: 0 | References: 1
OSV
added 2025/09/12 11:15 a.m. | 2 views

CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 3.5 | AI score 6.9
Exploits: 0 | References: 1
NVD
added 2025/09/12 11:15 a.m. | 7 views

CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 3.5 | EPSS 0.00169
Exploits: 0 | References: 1
OSV
added 2025/09/12 11:15 a.m. | 3 views

DEBIAN-CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 3.5 | AI score 5.3 | EPSS 0.00169
Exploits: 0 | References: 1
OSV
added 2025/09/12 11:15 a.m. | 4 views

UBUNTU-CVE-2025-27238

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 3.5 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 3
Vulnrichment
added 2025/09/12 10:33 a.m. | 3 views

CVE-2025-27238 API hostprototype.get lists data to users with insufficient authorization.

Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them...

CVSS 2.1 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 1
CNNVD
added 2025/09/12 12:0 a.m. | 3 views

Zabbix Security Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A security vulnerability exists in Zabbix that stems from the hostprototype.get method listing all host prototypes to users with unassign...

CVSS 3.5 | AI score 6.2 | EPSS 0.00169
Exploits: 0 | References: 3
RedhatCVE
added 2025/09/11 3:19 a.m. | 12 views

CVE-2025-42923

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker into sending an unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application...

CVSS 4.3 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 1