Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises when using File.ReadDir or File.Readdir on the Unix platform to list...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001896)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001896 advisory. The dgramrecvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structu...

CVE-2022-50859

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...

UBUNTU-CVE-2022-50859

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATENEGOTIATEINFO message Commit d5c7076b772a "smb3: add smb3.1.1 to default dialect list" extend the dialects from 3 to 4, but forget to decrease the extended length when specific the dialect,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988738)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988738 advisory. In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that...

EUVD-2025-12903

Malicious code in bioql PyPI...

UBUNTU-CVE-2022-49865

In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a struct ifaddrlblmsg to the network, ifalreserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak...

CVE-2024-47176

A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer information...

DEBIAN-CVE-2024-7264

libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...

GitLab 10.2 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13352)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: =10.2, =13.4, =13.5, =10.2, =13.4, =13.5,...

BIT-GITLAB-2020-13352

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: =10.2, =13.4, =13.5, 13.5.2...

CVE-2023-30996

CVE-2023-30996 affects IBM Cognos Analytics (versions 11.1.7, 11.2.4, 12.0.0) and describes information leakage due to unverified sources in inter-origin Windows object messages. The vulnerability is an information disclosure issue rather than remote code execution. Remediation is to upgrade to f...

CVE-2023-48161

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c...

CVE-2023-43804

CVE-2023-43804 affects the Python urllib3 library, where a Cookie header may be leaked across cross-origin redirects if redirects are not disabled. The issue is resolved in urllib3 1.26.17 or 2.0.5. Affected environments are confirmed in multiple reports, including AlmaLinux and Brocade advisorie...

CVE-2023-39519

Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0...

CVE-2023-4413

A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It has been classified as problematic. Affected is an unknown function of the file /var/log/rkhunter.log. The manipulation leads to sensitive information in log files. An attack has to be approached locally. The complexity of an...

CVE-2022-48495

CVE-2022-48495 is described as a vulnerability allowing unauthorized access to foreground app information, with potential of obtaining such information if exploited. The primary technical context in the provided documents centers on Huawei HarmonyOS as the involved ecosystem, noting the vulnerabi...

CVE-2023-1764

Canon IJ Network Tool/Ver.4.7.5 and earlier supported OS: OS X 10.9.5-macOS 13,IJ Network Tool/Ver.4.7.3 and earlier supported OS: OS X 10.7.5-OS X 10.8 allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software...

Security Bulletin: Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in the Linux Kernel. Vulnerabilities include obtaining sensitive information, denial of service, elevation of privileges and remote execution of arbitrary code, as described by the CVEs in the "Vulnerability Details" section...

Security Bulletin: Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517)

Summary IBM Spectrum Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in moment, ansi-regex, Node.js, and minimatch. Vulnerabilities include denial of service attacks, obtaining sensitive information, and directory traversal, as described by the CVEs in th...