Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2025-095 (ALASKERNEL-5.10-2025-095)

The version of kernel installed on the remote host is prior to 5.10.238-231.953. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2025-095 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITESAME No Data...

CVE-2024-45258

The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design...

AZL-62504 CVE-2025-22125 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQIDLE is ignored. And turns out...

AZL-69611 CVE-2025-22125 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQIDLE is ignored. And turns out...

CVE-2025-30742

The CVE-2025-30742 entry concerns atophttpd 2.8.0. Affected component: httpd.c. Description: an off-by-one error causes an out-of-bounds read when processing a 1024-character request string that would not terminate with a final NUL character. Impact is a partial/low-severity in the NVD metrics (a...

CVE-2025-30742

httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final '\0' character...

Linux Distros Unpatched Vulnerability : CVE-2024-3183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session,...

Malicious code in req-management-ui (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1920 Malicious code in req-management-ui (npm)

--- -= Per source details. Do not edit below this line.=-...

SUSE CVE-2022-49588

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpmigratereq. While reading sysctltcpmigratereq, it can be changed concurrently. Thus, we need to add READONCE to its readers...

CVE-2022-49588 tcp: Fix data-races around sysctl_tcp_migrate_req.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpmigratereq. While reading sysctltcpmigratereq, it can be changed concurrently. Thus, we need to add READONCE to its readers...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: A consistency check has been added for copen/cread operations. This prevents malicious processes from executing random copen/cread requests, which could potentially crash the system. The added checks are as follows...

RUSTSEC-2025-0160 `custom-req-on-workers` was removed from crates.io for malicious code

custom-req-on-workers was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in January 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...

Malicious code in req-ip-scope (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cac8b2dfbc3066e94727e843a2abe5a2af44476170248c207bf5026a8892d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11122 Malicious code in req-ip-ban (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42ccb3d9a195046654b07e64e09e577fa33552b38ebea8854c5fffc5fed5043f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-11123 Malicious code in req-ip-scope (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4cac8b2dfbc3066e94727e843a2abe5a2af44476170248c207bf5026a8892d18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-50154

A use-after-free UAF vulnerability was found and fixed in the Linux kernel's TCP subsystem related to request socket reqsk timers during handshake handling. This issue stems from a race condition caused by relying on timerpending in reqskqueueunlink. This could result in the timer continuing to r...

CVE-2024-50154

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0 in reqsktimerhandler. """ We are seeing a use-after-free from a bpf prog attached to tracetcpretransmitsynack. The program passes th...

Malicious code in client-req-scopes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b46412fce5fe330212b43b8bb638bc55056c4d72aee91074e21429f921e46232 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10498 Malicious code in client-req-scopes (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b46412fce5fe330212b43b8bb638bc55056c4d72aee91074e21429f921e46232 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...