EUVD-2023-60411

In the Linux kernel, the following vulnerability has been resolved: amba: bus: fix refcount leak commit 5de1540b7bc4 "drivers/amba: create devices from device tree" increases the refcount of ofnode, but not releases it in ambadevicerelease, so there is refcount leak. By using ofnodeput to avoid...

EUVD-2021-15337

Malware in sbrugna...

EUVD-2025-13175

Malicious code in bioql PyPI...

EUVD-2022-54516

Malicious code in bioql PyPI...

EUVD-2022-39623

Malicious code in bioql PyPI...

EUVD-2025-30844

Malicious code in bioql PyPI...

GHSA-8J63-96WH-WH3J 1Panel agent certificate verification bypass leading to arbitrary command execution

Project Address: Project Address 1Panel Official website: https://www.1panel.cn/ Time: 2025 07 26 Version: 1panel V2.0.5 Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows...

CVE-2021-28674

The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node outside of the attacker's perimeter via an account with write permissions. This occurs because node IDs are predictable with incrementing numbers and the access control on...

CVE-2024-10306

A vulnerability was found in modproxycluster. The issue is that the directive should be replaced by the directive as the former does not restrict IP/host access as Require ip IPADDRESS would suggest. This means that anyone with access to the host might send MCMP requests that may result in...

mod_cluster 安全漏洞

modcluster is an httpd-based load balancer for the modcluster project. A security vulnerability exists in modcluster that stems from the Directory directive not properly restricting IP or host access, which could lead to unauthorized node management operations...

CVE-2025-39930

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use freedevicenode at graphutilparsedai commit 419d1918105e "ASoC: simple-card-utils: use freedevicenode for device node" uses freedevicenode for dlc-ofnode, but we need to keep it while driver is i...

CVE-2025-39930 ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()

In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use freedevicenode at graphutilparsedai commit 419d1918105e "ASoC: simple-card-utils: use freedevicenode for device node" uses freedevicenode for dlc-ofnode, but we need to keep it while driver is i...

Important: Red Hat Security Advisory: fence-agents security update

An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

CVE-2022-49447

In the Linux kernel, the following vulnerability has been resolved: ARM: hisi: Add missing ofnodeput after offindcompatiblenode offindcompatiblenode will increment the refcount of the returned devicenode. Calling ofnodeput to avoid the refcount leak...

CVE-2022-49367

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxxmdiosregister ofgetchildbyname returns a node pointer with refcount incremented, we should use ofnodeput on it when done. mv88e6xxxmdioregister pass the device node to...

PT-2025-8614 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A refcount leak bug was found in the setup function of the xtfpga driver in the Linux kernel. The issue occurs because the of find compatible node function returns a node pointer with ...

SUSE CVE-2013-1399

Multiple cross-site request forgery CSRF vulnerabilities in the 1 node request management, 2 live management, and 3 user administration components in the console in Puppet Enterprise PE before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

SUSE-RU-2022:4362-1 Recommended update for pdsh, slurm_22_05

This update for pdsh, slurm2205 fixes the following issues: Slurm was updated to 22.05.5 - Fixes a number of moderate severity issues, noteable are: Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded. Update nvm...

CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...

CVE-2022-36966

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...