21 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007588)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007588 advisory. In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I'v...
CVE-2025-66574
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574 TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)
TranzAxis 3.2.41.10.26 allows authenticated users to inject cross-site scripting via the Open Object in Tree endpoint, allowing attackers to steal session cookies and potentially escalate privileges...
CVE-2025-66574
Summary: TranzAxis 3.2.41.10.26 is vulnerable to a stored XSS via the Open Object in Tree API endpoint. This authenticated-user vulnerability can lead to session cookie theft and potential privilege escalation. Root cause: stored cross-site scripting in the Open Object in Tree endpoint. Affected ...
Taiko Alethia Cross-Site Scripting Vulnerability
Taiko Alethia is an open source Taiko Labs collection of software for implementing the Ethereum-based ZK-EVM Rollup protocol for the Taiko Layer 2 network. A cross-site scripting vulnerability exists in Taiko Alethia version 3.2.41.10.26, which stems from the presence of cross-site script injecti...
nouveau: lock the client object tree.
...
Linux Distros Unpatched Vulnerability : CVE-2024-27062
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing clien...
SUSE CVE-2024-27062
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062
A flaw was found in the nouveau module in the Linux kernel. A missing resource lock can cause a race condition and trigger a general protection fault, resulting in a denial of service. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the...
DEBIAN-CVE-2024-27062
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
AZL-59631 CVE-2024-27062 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
UBUNTU-CVE-2024-27062
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
CVE-2024-27062
CVE-2024-27062 relates to the Linux kernel nouveau driver, where the client object tree lacked locking and races occurred when adding/removing client objects (notably VRAM BAR mappings). The fix locks the client object tree to prevent race conditions during add/remove operations, addressing a gen...
CVE-2024-27062 nouveau: lock the client object tree.
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306 general protection...
SUSE-SU-2024:1377-1 Security update for apache-commons-configuration
This update for apache-commons-configuration fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclica...
SUSE-SU-2024:1365-1 Security update for apache-commons-configuration2
This update for apache-commons-configuration2 fixes the following issues: - CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797). - CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclic...
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. Users can see this as a 'StackOverflowError' calling 'ListDelimiterHandler.flatten(Object, int)' with a cyclical object tree. Users are recommended to upgrade to versi...
Design/Logic Flaw
The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 stores the database password in cleartext in an object in a ClearQuest connection profile or export file, which allows remote authenticated users to obtain sensitive information by locating the password object within the object...