CVE-2025-11493

The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an on-path attacker could perform a man-in-the-middle attack and substitute malicious files for legitimate ones by...

EUVD-2000-0052

Malware in sbrugna...

EUVD-2016-2642

Malware in sbrugna...

EUVD-2015-0570

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414662)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414662 advisory. An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker ...

EUVD-2024-34087

Malicious code in bioql PyPI...

EUVD-2024-47533

Malicious code in bioql PyPI...

EUVD-2023-45636

Malicious code in bioql PyPI...

UBUNTU-CVE-2024-45339

When logs are written to a widely-writable directory the default, an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that...

DEBIAN-CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

CVE-2024-53259

quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IPPMTUDISCDO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceed...

PT-2023-27800 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB Postgres Advanced Server versions prior to 11.21.32 EnterpriseDB Postgres Advanced Server versions prior to 12.16.20 EnterpriseDB Postgres Advanced Server versions prior to 13.12.16 EnterpriseDB Postgres Advanced Server versions...

K98221124: Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686

Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the...

K09604370: Linux kernel vulnerability CVE-2020-25705

Security Advisory Description A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this...

K09940637: NTP vulnerability CVE-2019-11331

Security Advisory Description Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. CVE-2019-11331 Impact Using an off-path attack not a man-in-the-middle...

SUSE CVE-2019-11331

Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks...

SUSE CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

OESA-2022-1950 ansible security update

\ Security Fixes: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the...

SUSE-SU-2022:3123-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-1504002416 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that...

SUSE-SU-2022:3061-1 Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-5934 fixes several issues. The following security issues were fixed: - CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment method with the hash-based IPID assignment policy to inject data into a victim's TCP session or terminate that session...