Linux Distros Unpatched Vulnerability : CVE-2012-2121

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS use...

Linux Distros Unpatched Vulnerability : CVE-2014-4652

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in the tlv handler functionality in the sndctlelemusertlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel...

Linux Distros Unpatched Vulnerability : CVE-2013-4350

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 14 security fixes: 397731718 High CVE-2025-1914: Out of bounds read in V8. Reported by Zhenghang Xiao @Kipreyyy and Nan Wang @eternalsakura13 on 2025-02-20 391114799 Medium CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in...

Linux Distros Unpatched Vulnerability : CVE-2014-3673

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, relat...

Linux Distros Unpatched Vulnerability : CVE-2012-2375

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nfs4getacluncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a cop...

Linux Distros Unpatched Vulnerability : CVE-2014-4655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sndctlelemadd function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the...

Linux Distros Unpatched Vulnerability : CVE-2017-3224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Shortest Path First OSPF protocol implementations may improperly determine Link State Advertisement LSA recency for LSAs with MaxSequenceNumber. According ...

Linux Distros Unpatched Vulnerability : CVE-2013-6382

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service memory corruption or...

Linux Distros Unpatched Vulnerability : CVE-2014-1745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of...

Manifest Uses a One-Way Hash without a Salt

Summary Manifest employs a weak password hashing implementation that uses SHA3 without a salt. This exposes user passwords to a higher risk of being cracked if an attacker gains access to the database. Without the use of a salt, identical passwords across multiple users will result in the same...

GO-2025-3477 S3-Proxy allows Reflected Cross-site Scripting (XSS) in template implementation in github.com/oxyno-zeta/s3-proxy

S3-Proxy allows Reflected Cross-site Scripting XSS in template implementation in github.com/oxyno-zeta/s3-proxy...

CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

CVE-2025-27421

Abacus is a highly scalable and stateless counting API. A critical goroutine leak vulnerability has been identified in the Abacus server's Server-Sent Events SSE implementation. The issue occurs when clients disconnect from the /stream endpoint, as the server fails to properly clean up resources...

CVE-2025-27498

The CVE-2025-27498 entry concerns a vulnerability in a pure Rust AES-GCM implementation where decrypt_in_place_detached can expose the decrypted plaintext even if the authentication tag is invalid. Root cause: in decrypt_in_place in asconcore.rs, a tag verification error is returned while the pla...

CVE-2025-27498

aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...

Linux Distros Unpatched Vulnerability : CVE-2011-1083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause...

Linux Distros Unpatched Vulnerability : CVE-2010-3173

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 doe...

Linux Distros Unpatched Vulnerability : CVE-2010-3698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial ...

CVE-2025-21814 ptp: Ensure info->enable callback is always set

In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info-enable callback is always set The ioctl and sysfs handlers unconditionally call the -enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affected drivers: ptps390.c,...