CVE-2025-0508 MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This...

CVE-2025-0508

CVE-2025-0508 affects the SageMaker Workflow component in aws/sagemaker-python-sdk, with MD5 hash collisions across all versions leading to potential workflow replacements and integrity issues in pipelines. The issue is documented across multiple feeds (including Red Hat, OSV, circl, and CVE list...

Azure Linux 3.0 Security Update: cmake / nghttp2 / nodejs / nodejs18 (CVE-2023-35945)

The version of cmake / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-35945 advisory. - Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's...

PHP 8.4.x < 8.4.5 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.1.x < 8.1.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

RLSA-2025:0377 Moderate: Security and bug fixes for NetworkManager

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...

gitea -- Multiple vulnerabilities

[email protected] reports: Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied. go-redis ...

USN-7332-2: Linux kernel vulnerabilities

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service system crash or possibly execute arbitrary code...

FreeBSD : xorg server -- Multiple vulnerabilities (f4297478-fa62-11ef-b597-001fc69cd6dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f4297478-fa62-11ef-b597-001fc69cd6dc advisory. The X.Org project reports: The root cursor is referenced in the xserver as a global variable. ...

CVE-2025-21825

CVE-2025-21825 concerns the Linux kernel, specifically a race involving bpf_timer cancellation for PREEMPT_RT. The issue arises during updates to pre-allocated htab elements, where freeing old elements must be protected by the bucket lock to avoid reuse of freed memory under concurrent updates; a...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from landlock's handling of exception files that could lead to access problems...

Linux Distros Unpatched Vulnerability : CVE-2024-49998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown...

Linux Distros Unpatched Vulnerability : CVE-2024-53055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the...

Linux Distros Unpatched Vulnerability : CVE-2024-53135

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization guest/host mode behind CONFIGBROKEN Hide KVM's ptmode...

Linux Distros Unpatched Vulnerability : CVE-2024-46675

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer...

Linux Distros Unpatched Vulnerability : CVE-2022-49172

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parisc: Fix non-access data TLB cache flush faults When a page is not present, we get non-access data TLB faults from the fdc and fic instructions in...

Linux Distros Unpatched Vulnerability : CVE-2021-39255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfsattrfindinattrdef, in NTFS-3G 2021.8.22. CVE-2021-39255 Note that...

Linux Distros Unpatched Vulnerability : CVE-2024-35814

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb...

Linux Distros Unpatched Vulnerability : CVE-2024-27014

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv-statelock, any scheduled aRFS works are canceled using the cancelworksync...

Linux Distros Unpatched Vulnerability : CVE-2024-36004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQMEMRECLAIM flag for workqueue Issue reported by customer during SRIOV...