CVE-2021-20077

Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...

CVE-2020-2186

A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.50.1 and earlier allows attackers to provision instances...

CVE-2019-10569

Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...

CVE-2019-16767

The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance container is launched with advanced capabilities not launched as root...

CVE-2011-2632

Opera before 11.11 does not properly handle destruction of a Silverlight instance, which allows remote attackers to cause a denial of service application crash via a web page, as demonstrated by vod.onet.pl...

CVE-2006-4936

Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...

Outsourcing SAT-Based Verification Computations in Network Security

The emergence of cloud computing gives huge impact on large computations. Cloud computing platforms offer servers with large computation power to be available for customers. These servers can be used efficiently to solve problems that are complex by nature, for example, satisfiability SAT problem...

CVE-2025-47946 symfony/ux-live-component and symfony/ux-twig-component vulnerable to unsanitized HTML attribute injection via ComponentAttributes

Symfony UX is an initiative and set of libraries to integrate JavaScript tools into applications. Prior to version 2.25.1, rendering attributes or using any method that returns a ComponentAttributes instance e.g. only, defaults, without ouputs attribute values directly without escaping. If these...

CVE-2025-37800

CVE-2025-37800 targets the Linux kernel driver core. A potential NULL pointer dereference in dev_uevent() could occur if userspace reads a uevent attribute while another thread unbinds the device, changing dev->driver from a valid pointer to NULL. The fix uses READ_ONCE() when fetching the dri...

SUSE CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

CVE-2023-53134

In the Linux kernel, the following vulnerability has been resolved: bnxten: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA GRO/LRO completions on the aggregation ring. On P5 chips, the maximum number of concurrent TPA is 256 and the...

CVE-2022-49841

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thawnoirq hook The following warning is seen with non-console UART instance when system hibernates. 37.371969 ------------ cut here ------------ 37.376599 uart3rootclk already disabled 37.380810 WARNING:...

CVE-2022-49841 serial: imx: Add missing .thaw_noirq hook

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thawnoirq hook The following warning is seen with non-console UART instance when system hibernates. 37.371969 ------------ cut here ------------ 37.376599 uart3rootclk already disabled 37.380810 WARNING:...

CVE-2025-23163 net: vlan: don't propagate flags on open

In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455 ============================================ 1.211571 WARNING: possible recursive locking detected 1.21168...

GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.

...

AWS VDP: Private AWS AMIs are temporarily being exposed publicly

Temporary public exposure of private AWS AMIs was discovered. Multiple AMIs with internal AWS-related content were found in the public AMI community catalog, but were quickly removed. An EC2 instance was successfully created using one of the exposed AMIs, revealing the presence of undocumented...

Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Impact An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. Patches PR 1745 fixes the problem. Available in Miniflux = 2.0.43...

GHSA-3QJF-QH38-X73V Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Impact An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICSCOLLECTOR configuration option is enabled and METRICSALLOWEDNETWORKS is set to 127.0.0.1/8 the default. Patches PR 1745 fixes the problem. Available in Miniflux = 2.0.43...

BIT-APPSMITH-2024-55964

An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that...