
82 matches found

EUVD
added 2026/05/27 12:57 p.m., 9 views

EUVD-2026-32427

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

AI score 5.8, EPSS 0.00022
Exploits: 0, References: 3
HackRead
added 2026/03/11 9:10 a.m., 3 views

Your Data Lake Is Turning Into a Junk Drawer? Here’s How to Clean It Up

Data lakes start organized but can turn into dumping grounds. Learn the signs of data lake clutter and simple steps to clean it up without rebuilding...

AI score 5.8
Exploits: 0
Debian CVE
added 2025/08/16 10:54 a.m., 5 views

CVE-2025-38503

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we can hit an assertion failure like this: BTRFS info device loop0 state M: rebuilding free space tre...

CVSS 5.5, AI score 5.3, EPSS 0.00022
Exploits: 0
UbuntuCve
added 2025/07/29 10:15 p.m., 2 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

CVSS 8.6, AI score 6.8, EPSS 0.00022
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 3:21 a.m., 4 views

CVE-2023-24423

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit...

CVSS 6.5, AI score 6.7, EPSS 0.00087
Exploits: 0, References: 1
UbuntuCve
added 2025/01/28 12:00 a.m., 8 views

CVE-2025-22865

Using ParsePKCS1PrivateKey to parse an RSA key that is missing the CRT values would panic when verifying that the key is well formed...

CVSS 7.5, AI score 7, EPSS 0.00074
Exploits: 0, References: 4
UbuntuCve
added 2025/01/28 12:00 a.m., 145 views

CVE-2024-45340

Credentials provided via the new GOAUTH feature were not being properly segmented by domain, allowing a malicious server to request credentials they should not have access to. By default, unless otherwise set, this only affected credentials stored in the user's .netrc file...

CVSS 8.8, AI score 7.1, EPSS 0.0009
Exploits: 0, References: 4
Oracle linux
added 2024/11/14 12:00 a.m., 15 views

bcc security update

0.30.0-6 - Rebuild with LLVM 18 RHEL-28684 0.30.0-5 - Drop python3-pyelftools dependency on s390x until it is available 0.30.0-4 - Exclude btrfs and f2fs libbpf tools RHEL-36579 0.30.0-3 - Really prevent the loading of compromised headers RHEL-28769, CVE-2024-2314 - Add python3-pyelftools...

CVSS 2.8, AI score 6.9, EPSS 0.00068
Exploits: 0
Github Security Blog
added 2024/11/13 9:30 p.m., 20 views

Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin

Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main Jenkinsfile script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose Jenkinsfile script is no longer...

CVSS 8, AI score 6.8, EPSS 0.014
Exploits: 1, References: 3, Affected Software: 1
UbuntuCve
added 2024/09/06 9:15 p.m., 11 views

CVE-2024-34158

Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion...

CVSS 7.5, AI score 6.9, EPSS 0.00163
Exploits: 0, References: 10
UbuntuCve
added 2024/09/06 9:15 p.m., 5 views

CVE-2024-34156

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635...

CVSS 7.5, AI score 6.9, EPSS 0.00306
Exploits: 0, References: 10
Debian CVE
added 2024/09/04 7:54 p.m., 11 views

CVE-2024-44975

In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmdupdate We find a bug as below: BUG: unable to handle page fault for address: 00000003 PGD 0 P4D 0 Oops: 0000 1 PREEMPT SMP NOPTI CPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d...

CVSS 5.5, AI score 5.5, EPSS 0.0001
Exploits: 0
Tenable Nessus
added 2024/07/16 12:00 a.m., 12 views

EulerOS 2.0 SP9 : glade (EulerOS-SA-2024-1931)

According to the versions of the glade package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial...

CVSS 5.5, AI score 5.4, EPSS 0.00026
Exploits: 0, References: 2
UbuntuCve
added 2024/07/02 8:15 p.m., 18 views

CVE-2023-24531

Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is...

CVSS 9.8, AI score 7, EPSS 0.00602
Exploits: 0, References: 8
Oracle linux
added 2024/05/24 12:00 a.m., 50 views

idm:DL1 security update

bind-dyndb-ldap 11.6-4 - Modify empty zone conflicts under exclusive mode Resolves: rhbz2126877 11.6-3 - Rebuild against bind 9.11.36 - Resolves: rhbz2022762 11.6-2 - Rebuild against bind 9.11.26 - Resolves: rhbz1904612 11.6-1 - New upstream release - Resolves: rhbz1891735 11.3-1 - New upstream...

CVSS 5.3, AI score 7.6, EPSS 0.78522
Exploits: 3
OSV
added 2024/03/15 11:07 a.m., 1 view

OESA-2024-1270 glade security update

Glade is a RAD tool to enable quick and easy development of user interfaces for the GTK+ toolkit and the GNOME desktop environment. Security Fixes: plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial ...

CVSS 5.5, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 2
UbuntuCve
added 2024/03/05 11:15 p.m., 34 views

CVE-2024-24783

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...

CVSS 5.9, AI score 6.8, EPSS 0.00602
Exploits: 0, References: 11
UbuntuCve
added 2024/03/05 11:15 p.m., 20 views

CVE-2024-24784

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

CVSS 7.5, AI score 6.8, EPSS 0.02017
Exploits: 0, References: 11
Amazon
added 2024/03/04 12:00 a.m., 1 view

Low: glade

Issue Overview: plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service application crash. CVE-2020-36774 Affected Packages: glade Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

CVSS 5.5, AI score 6.9, EPSS 0.00026
Exploits: 0
Drupal
added 2024/02/28 12:00 a.m., 18 views

Node Access Rebuild Progressive - Less critical - Access bypass - SA-CONTRIB-2024-013

This module provides an alternative means of rebuilding the Content Access table. The module doesn't sufficiently reset the state of content access when the module is uninstalled...

CVSS 5.4, AI score 7.1, EPSS 0.0033
Exploits: 0, References: 6