428 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-62395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing...
CLSA-2025-1763123915 udisks2: Fix of CVE-2025-8067
CVE-2025-8067: fix issue allowing unprivileged users to create loop devices by validating lower bound of index parameter in loop device handler function...
UBUNTU-CVE-2025-40149
In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990751)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990751 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit...
kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink().
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlangetiflink. syzbot presented an use-after-free report 0 regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is...
Advisory ROSA-SA-2025-3043
Software: openssh 8.0p1 OS: ROSA Virtualization 3.1 unaffected versions = openssh-8.0p1-26.0.2.2.rv31 affected versions openssh-8.0p1-26.0.2.2.rv31 CVE-ID: CVE-2020-14145 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is related to a lack of service...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990010)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990010 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989942)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989942 advisory. In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is...
EUVD-2025-37220
Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...
CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
UBUNTU-CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
EUVD-2025-35666
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
CVE-2025-62395 Moodle: external cohort search service leaks system cohort data
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
CVE-2025-62395 Moodle: external cohort search service leaks system cohort data
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
CVE-2025-62395
CVE-2025-62395 affects Moodle LMS via a flaw in the cohort search web service. The issue allows users with permissions in lower contexts to access cohort information from the system context, potentially exposing restricted administrative data. The Connected documents confirm the vulnerability des...
CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
EUVD-2025-31843
A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing manipulation of the argument ID results in cross site scripting. It is...
CVE-2025-36354
IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system due to improper validation of user supplied input...
EUVD-2019-7299
Malware in sbrugna...
EUVD-2021-11169
Malware in sbrugna...