6340 matches found
CVE-2021-28543 affecting package varnish-modules 0.16.0-4
CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never applicable...
GO-2025-3380 Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server
Mattermost has Improper Check for Unusual or Exceptional Conditions in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
RHEL 9 : kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:0054)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:0054 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...
Amazon Linux 2023 : perl-Module-ScanDeps, perl-Module-ScanDeps-tests (ALAS2023-2025-797)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-797 advisory. Qualys discovered that if unsanitized input was used with the library Module::ScanDeps before version 1.36, a local attacker could possibly execute arbitrary shell commands by opening a pesky pipe such...
CVE-2024-40747
Various module chromes didn't properly process inputs, leading to XSS vectors...
USN-7159-5: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...
PT-2025-43417
Name of the Vulnerable Software and Affected Versions: NVIDIA Display Driver for Linux; nvidia-graphics-drivers; nvidia-graphics-drivers-legacy-390xx; nvidia-graphics-drivers-tesla-418; nvidia-graphics-drivers-tesla-470; nvidia-graphics-drivers-tesla-535; nvidia-open-gpu-kernel-modules. Description: The...
PT-2025-25546
Name of the Vulnerable Software and Affected Versions: Erlang OTP versions 17.0 through 28.0.1; Erlang OTP version 27.3.4.1; Erlang OTP version 26.2.5.13; stdlib versions 2.0 through 7.0.1; stdlib version 6.2.2.1; stdlib version 5.2.3.4. Description: The issue is related to a Path Traversal vulnerability...
PT-2026-4942
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.3 through 3.6. Description: A flaw exists in OpenSSL where the SSL_CIPHER_find function, when used in a QUIC protocol client or server, can experience a NULL pointer dereference if it receives an unknown cipher suite from its...
AZL-62565 CVE-2024-53219 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------ cut here ------------ WARNING: CPU: ...
[SECURITY] Fedora 41 Update: libxml2-2.12.9-1.fc41
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
@boostercloud/framework-provider-azure-infrastructure (>=3.1.0 <=3.4.4), @cdktf/cli-core (>=0.20.8 <=0.21.0-pre.151) +3 more potentially affected by unknown CVE via jsii (>=5.4.12 <=5.4.31)
jsii NPM version =5.4.12, =3.1.0, =0.20.8, =5.12.7, =0.20.8, =1.26.0, =1.29.0 Source cves: unknown CVE Source advisory: OSV:GHSA-M56H-5XX3-2JC2...
CVE-2024-12687
Deserialization of Untrusted Data vulnerability in PlexTrac Runbooks modules which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1...
CVE-2024-45493
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to logging in locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate...
CVE-2024-45494
The CVE affects MSA FieldServer Gateway versions 5.0.0–6.5.2 (fixed in 7.0.0). A shared administrative user on all devices uses an unsafe, static secret for authentication, enabling potential unauthorized admin access. The issue is described with high impact across confidentiality, integrity, and...
GO-2024-3312 CA certificate sign check bypass in github.com/canonical/lxd
CA certificate sign check bypass in github.com/canonical/lxd...
ROS-20241209-02
A vulnerability in some Intel® TDX modules is related to improper input validation. Exploitation of the vulnerability could allow a privileged attacker to potentially escalate privileges through local access. Vulnerability related to processor instruction sequencing causes unexpected behavior on...
Malicious code in cap1-modules (npm)
MAL-2024-11324 Malicious code in cap1-modules (npm)
Metasploit Weekly Wrap-Up 12/06/2024
Post-Thanksgiving Big Release This week's release is an impressive one. It adds 9 new modules, which will get you remote code execution on products such as Ivanti Connect Secure, VMware vCenter Server, Asterisk, Fortinet FortiManager and Acronis Cyber Protect. It also includes an account takeover...