11231 matches found
RockyLinux 8 : tomcat (RLSA-2025:11333)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11333 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2...
RockyLinux 9 : gimp (RLSA-2025:7417)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7417 advisory. gimp: dds buffer overflow RCE (CVE-2023-44441); gimp: PSD buffer overflow RCE (CVE-2023-44442); gimp: psp integer overflow RCE (CVE-2023-44443); gimp: psp...
tomcat security update
An update is available for tomcat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages...
RLSA-2025:11333 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame CVE-2025-3165...
pwn2own2018
Pwn2Own 2018: Safari + macOS. Safari RCE, sandbox escape, and LPE to kernel for macOS 10.13.3. Usage: install nasm and tornado (brew install nasm; pip3 install tornado). Check config.py if you want to change the host or ports. Afterwards start the server with ./server.py and navigate to the shown URL...
MAL-2025-6254 Malicious code in redux-init-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 001436a444d94a1473a5f914d6f2ff7e18e622f232ca7b48be8c0126a70eb962 The OpenSSF Package Analysis project identified 'redux-init-rce' @...
Malicious code in redux-saga-channel-end-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 3c0fde8502cb19eb266cf53e69e92a54e426d6996f99eefd2c3ecefd5db7cc43 The OpenSSF Package Analysis project identified...
MAL-2025-6253 Malicious code in dva-update-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b95ece97aa3f5d58ea4fb2cedc0508d316d19bf5241465748806202bcd86c861 The OpenSSF Package Analysis project identified 'dva-update-rce' @...
Malicious code in dva-loading-show-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2779c32d64a46ff3b8b9de62cd9161c7b6e0071c4a3103b2a37e949f374467a0 The OpenSSF Package Analysis project identified 'dva-loading-show-rce...
Malicious code in dva-loading-hide-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 236bea5646a5f41a1a00049315bf89b5d58d75f522e1d1dbc8bbc86d85e10919 The OpenSSF Package Analysis project identified 'dva-loading-hide-rce...
MAL-2025-6251 Malicious code in dva-loading-hide-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 236bea5646a5f41a1a00049315bf89b5d58d75f522e1d1dbc8bbc86d85e10919 The OpenSSF Package Analysis project identified 'dva-loading-hide-rce...
Malicious code in redux-replace-rce (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis eb28c0e340d0d3220c0b6c87681ecdb8ff015040d97ed20852a5fabf651f503d The OpenSSF Package Analysis project identified 'redux-replace-rce' @...
Security update for gstreamer-plugins-bad (important)
openSUSE Security Update: Security update for gstreamer-plugins-bad Announcement ID: openSUSE-SU-2025:0229-1 Rating: important References: 1242809 Cross-References: CVE-2025-3887 CVSS scores: CVE-2025-3887 SUSE: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products...
CVE-2014-125115 Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhashdata parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...
Exploit for Deserialization of Untrusted Data in Microsoft
suricata-rule-CVE-2025-53770 Detection rules for CVE-2025-5377...
CVE-2017-20198 DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
The Marathon UI in DC/OS 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image,...
Important: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...
Important: Red Hat Security Advisory: tomcat security update
An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
AlmaLinux 9 : tomcat (ALSA-2025:11335)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11335 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337); tomcat: Apache Tomcat: DoS via malformed HTTP/2...
CVE-2025-34129 LILIN DVR RCE via Malicious FTP/NTP Configuration
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...