638 matches found
EUVD-2020-2680
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414586)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414586 advisory. A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local us...
EUVD-2024-35262
Malicious code in bioql PyPI...
Exploit for CVE-2025-55817
This is a PoC exploit for CVE-2025-55817, a Stored Cross Site Sc...
MAL-2025-42965 Malicious code in @trp-ta-nitro/secrets-nodejs (npm)
The package @trp-ta-nitro/secrets-nodejs was found to contain malicious code...
Linux Distros Unpatched Vulnerability : CVE-2021-3543
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A loc...
Linux Distros Unpatched Vulnerability : CVE-2021-46927
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nitroenclaves: Use getuserpagesunlocked call to handle mmap assert After commit 5b78ed24e8e...
Malicious code in nitro-components (npm)
The package nitro-components was found to contain malicious code...
MAL-2025-27565 Malicious code in nitro-components (npm)
The package nitro-components was found to contain malicious code...
MAL-2025-9567 Malicious code in @trp-ta-nitro/auth-browser-js (npm)
The package @trp-ta-nitro/auth-browser-js was found to contain malicious code...
Medium: runc
Issue Overview: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. CVE-2025-4673 Affected Packages: runc Note: This advisory is applicable to Amazon Linux 2 - Nitro-enclaves Extra. Visit this page to learn more about...
SUSE SLES15: aws-nitro-enclaves-binaryblobs-upstream / aws-nitro-enclaves-cli / etc (SUSE-SU-SUSE-RU-2025:02204-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:02204-1 advisory. - Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859 - Update to version 1.4....
SUSE SLES15: aws-nitro-enclaves-binaryblobs-upstream / aws-nitro-enclaves-cli / etc (SUSE-SU-SUSE-RU-2025:02203-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2025:02203-1 advisory. - Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859 - Update to version 1.4.2 - Update...
SUSE-RU-2025:02204-1 Recommended update for aws-nitro-enclaves-cli
This update for aws-nitro-enclaves-cli fixes the following issues: - Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859 - Update to version 1.4.2 - Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6 - Update to version 1.3.3git0.afb7264 - Update...
SUSE-RU-2025:02203-1 Recommended update for aws-nitro-enclaves-cli
This update for aws-nitro-enclaves-cli fixes the following issues: - Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243859 - Update to version 1.4.2 - Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6 - Update to version 1.3.3git0.afb7264 - Update...
Important: amazon-ecr-credential-helper
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Important: runc
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
Malicious code in nitro-contracts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fcfdc095311c01986f57ec3730d8e3600f3c83ffb5fc23c500a51eed38ea048d Any computer that has this package installed or running should be considered...
MAL-2025-5233 Malicious code in nitro-contracts (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fcfdc095311c01986f57ec3730d8e3600f3c83ffb5fc23c500a51eed38ea048d Any computer that has this package installed or running should be considered...
Important: containerd
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...