229 matches found

The Hacker News
added 2025/08/19 5:37 p.m., 8 views

Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware called DripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial...

10 CVSS, 8.5 AI score, 0.99654 EPSS
Exploits 31
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-20429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lmbufcount field due to the lack of validation for...

7.8 CVSS, 7.1 AI score, 0.01896 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-12115

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and...

7.5 CVSS, 8.1 AI score, 0.08028 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/12 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-38022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/core: Fix KASAN: slab-use-after-free Read in ibregisterdevice problem Call Trace: dumpstack lib/dumpstack.c:94 inline dumpstacklvl+0x116/0x1f0...

7.8 CVSS, 6.2 AI score, 0.00161 EPSS
Exploits 0, References 3
NVD
added 2025/08/11 11:15 p.m., 26 views

CVE-2025-55161

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8 CVSS, 0.01865 EPSS
Exploits 1, References 2
Tenable Nessus
added 2025/08/10 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-2304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.23 and prior. Easily...

5.5 CVSS, 6.2 AI score, 0.01156 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-35921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the...

7.8 CVSS, 5.7 AI score, 0.00234 EPSS
Exploits 0, References 2
CBLMariner
added 2025/08/07 3:7 p.m., 4 views

CVE-2022-4304 affecting package edk2 for versions less than 20230301gitf80f052277c8-42

CVE-2022-4304 affecting package edk2 for versions less than 20230301gitf80f052277c8-42. A patched version of the package is available...

5.9 CVSS, 7.4 AI score, 0.16195 EPSS
Exploits 0
Tenable Nessus
added 2025/08/07 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-2312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from the cifs-utils package makes an upcall to the wrong...

5.9 CVSS, 6.8 AI score, 0.00138 EPSS
Exploits 0, References 4
Debian CVE
added 2025/07/10 7:42 a.m., 8 views

CVE-2025-38319

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrlinitializemcregtable The function atomctrlinitializemcregtable and atomctrlinitializemcregtablev22 does not check the return value of smuatomgetdatatable. If...

5.5 CVSS, 5.5 AI score, 0.00145 EPSS
Exploits 0
NVD
added 2025/06/06 2:15 p.m., 13 views

CVE-2025-38001

In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch 141d34391abbb315d68556b7c67ad97885407547 1 can be bypassed, and a UAF can still occur when HFSC ...

5.5 CVSS, 0.0036 EPSS
Exploits 3, References 12
RedhatCVE
added 2025/05/22 6:9 p.m., 15 views

CVE-2021-1461

A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital...

4.9 CVSS, 6.9 AI score, 0.00398 EPSS
Exploits 0, References 1
OSV
added 2025/05/01 2:10 p.m., 8 views

CVE-2022-49859 net: lapbether: fix issue of invalid opcode in lapbeth_open()

In the Linux kernel, the following vulnerability has been resolved: net: lapbether: fix issue of invalid opcode in lapbethopen If lapbregister failed when lapb device goes to up for the first time, the NAPI is not disabled. As a result, the invalid opcode issue is reported when the lapb device go...

7.8 CVSS, 4.9 AI score, 0.00166 EPSS
Exploits 0, References 6
IBM Security Bulletins
added 2025/04/13 8:17 p.m., 17 views

Security Bulletin: Vulnerability in certifi affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2022-23491]

Summary The certifi package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVE CVE-2022-23491 Vulnerability Details CVEID:CVE-2022-23491 DESCRIPTION: An unspecified error in with TrustCor's ownership also operated a business that...

7.5 CVSS, 6.5 AI score, 0.00535 EPSS
Exploits 0, Affected Software 1
Oracle linux
added 2025/03/17 12:0 a.m., 16 views

webkit2gtk3 security update

2.46.6-2 - Add patch for CVE-2025-24201...

8.8 CVSS, 7.2 AI score, 0.0424 EPSS
Exploits 4
CBLMariner
added 2025/02/19 4:8 p.m., 4 views

CVE-2025-23419 affecting package nginx for versions less than 1.25.4-3

CVE-2025-23419 affecting package nginx for versions less than 1.25.4-3. A patched version of the package is available...

5.3 CVSS, 7 AI score, 0.02557 EPSS
Exploits 0
Debian CVE
added 2025/02/10 4:31 p.m., 10 views

CVE-2025-1150

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfdmalloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...

3.1 CVSS, 3.2 AI score, 0.0056 EPSS
Exploits 1
CNNVD
added 2025/01/23 12:0 a.m., 2 views

HCL BigFix Patch Management Code Issue Vulnerability

HCL BigFix Patch Management is a comprehensive patch management solution from HCL Corporation, USA, designed to help organizations effectively manage and deploy security and non-security patches for operating systems and applications. A security vulnerability exists in HCL BigFix Patch Management...

2.5 CVSS, 6.8 AI score, 0.00116 EPSS
Exploits 0, References 2
CBLMariner
added 2024/11/01 4:41 p.m., 70 views

CVE-2022-2961 affecting package kernel for versions less than 5.15.167.1-2

CVE-2022-2961 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...

7 CVSS, 6.8 AI score, 0.00299 EPSS
Exploits 0
NVD
added 2024/07/25 10:15 p.m., 17 views

CVE-2024-3938

The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...

6.1 CVSS, 0.00239 EPSS
Exploits 0, References 1