65 matches found
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the session handler for redis and memcache. An attacker can perform arbitrary file write operations by submitting crafted session data. Details Serialization is a process of converting an object into...
Incorrect Resource Transfer Between Spheres
Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the CSS sanitization process for HTML email messages. An attacker can inject malicious CSS by crafting specially formatted HTML emails that exploit the lack of proper sanitization,...
Incorrect Resource Transfer Between Spheres
Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the remote image blocking process. An attacker can cause unauthorized remote image loading by embedding specially crafted SVG content with animate elements using attributes such as fill,...
Incorrect Resource Transfer Between Spheres
Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the processing of HTML email content when handling the background attribute of the BODY element. An attacker can cause information disclosure or bypass access controls by sending a speciall...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001332)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001332 advisory. An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker...
PT-2025-52963
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc5-01219-gfa0e21fa4443 Description The Linux kernel contained a data race condition related to the unix_tot_inflight variable within the af_unix subsystem. Specifically, unix_tot_inflight was being modifie...
PT-2025-52927
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc5-syzkaller-00008-ge01d50cbd6ee Description The Linux kernel contains a use-after-free issue within the mrp (Multiple Registration Protocol) component. Specifically, a synchronization problem exists in the...
EUVD-2007-1720
Malware in sbrugna...
Malicious code in ng2-bootstrap-rc5 (npm)
The package ng2-bootstrap-rc5 was found to contain malicious code...
MAL-2025-27464 Malicious code in ng2-bootstrap-rc5 (npm)
The package ng2-bootstrap-rc5 was found to contain malicious code...
PT-2025-36412
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.0-rc5-xfstests-ufs-g40f92e79b0aa 9 Description A flaw exists in the Linux kernel where vm_unmap_ram() may be called from an invalid context within the F2FS filesystem. This issue occurs when testing F2FS with...
CVE-2024-41098 ata: libata-core: Fix null pointer dereference on error
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release() will get called. However, the code in ata_host_release() tries to free ata_port struct members unconditionally, whi...
CVE-2024-39467
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs loop0: Mounted with checkpoint version = 48b305e4 ================================================================== BUG:...
CVE-2022-48752 powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel triggered below warning: 172.851380 ------------ cut here ------------ 172.8513...
CVE-2024-26932
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilities in tcpm, KASAN will capture below double-free issue. The root cause is the same capability will be kfreed twice, the first time is...
PT-2024-21526 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc5+ Description: The issue is related to the LoongArch architecture in the Linux kernel. When disabling non-boot CPUs, the cpu_sibling_map is not updated correctly, leading to errors on SMT systems, such ...
CVE-2024-28869
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of...
CVE-2024-28869
Technical details about CVE-2024-28869 are not publicly available in the provided Connected documents. The initial description lists vulnerable Traefik versions and fixes, but no additional technical specifics or exploit information are present here. Monitor for updates.
PT-2024-3308 · Traefik +1 · Traefik +1
Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 2.11.2 Traefik versions prior to 3.0.0-rc5 Description: The issue is related to insufficient handling of exceptional states when processing Content-Length headers, resulting in an indefinite hang with the default...
Oracle Linux 9 : openssl (ELSA-2024-0310)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...