3391 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-10868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a...
Linux Distros Unpatched Vulnerability : CVE-2020-11023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one ...
Linux Distros Unpatched Vulnerability : CVE-2016-1547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92...
Linux Distros Unpatched Vulnerability : CVE-2018-8780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods...
Linux Distros Unpatched Vulnerability : CVE-2018-10845
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct...
URI allows for userinfo Leakage in URI#join, URI#merge, and URI#+
There is a possibility for userinfo leakage in the uri gem. This vulnerability has been assigned the CVE identifier CVE-2025-27221. We recommend upgrading the uri gem. Details: The methods URI#join, URI#merge, and URI#+ retained userinfo, such as user:password, even after the host is replaced. Whe...
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...
CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URI#merge, URI#+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe
QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself...
CVE-2025-1570
The Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 8.1. This is due to the directorist_generate_password_reset_pin_code and reset_user_password functions...
CVE-2025-21807
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
CVE-2025-21807
CVE-2025-21807 (Linux kernel) affects the block subsystem. queue_attr_store() previously froze the device queue before invoking the attribute store operation. For attributes controlling queue limits, the store could lock queue limits via queue_limits_start_update(), creating an ABBA deadlock if...
CVE-2025-21807 block: fix queue freeze vs limits lock order in sysfs store methods
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods. queue_attr_store always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
CVE-2025-21792 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt. If an AX25 device is bound to a socket by setting the SO_BINDTODEVICE socket option, a refcount leak will occur in ax25_release. Commit 9fd75b66b8f6 "ax25: Fix refcou...
CVE-2025-21746
The CVE-2025-21746 issue affects the Linux kernel Input: synaptics path for enabling a pass-through port. Root cause: when enabling a pass-through port, an interrupt may arrive before the psmouse driver binds, and the synaptics sub-driver may access a psmouse instance not yet attached, potentiall...
Security update for chromium (moderate)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0077-1 Rating: moderate References: 1237699 Affected Products: openSUSE Backports SLE-15-SP6 An update that contains security fixes can now be installed. Description: This update for chromium fixes the...
OS Fingerprints Detected
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, "OS Identification", the complete set of fingerprints detected are reported here...
Use of Uninitialized Resource
Overview passenger is a web server and application server for Ruby, Python and Node.js, optimized for performance, low memory usage and ease of use. Affected versions of this package are vulnerable to Use of Uninitialized Resource due to improper handling of HTTP requests with invalid methods. Th...