CVE-2026-22782

RustFS is a distributed object storage system built in Rust. From = 1.0.0-alpha.1 to 1.0.0-alpha.79, invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. In...

RustFS's RPC signature verification logs shared secret

Summary Invalid RPC signatures cause the server to log the shared HMAC secret and expected signature, which exposes the secret to log readers and enables forged RPC calls. Details In crates/ecstore/src/rpc/httpauth.rs:115-122 , the invalid signature branch logs sensitive data: rs if signature !=...

CVE-2019-18601

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to denial of service from unserialized data access because remote attackers can make a series of VOTEDebug RPC calls to crash a database server within the SVOTEDebug RPC handler...

CVE-2019-2308

User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150,...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988943)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988943 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of t...

EUVD-2008-4290

Malware in sbrugna...

EUVD-2020-28009

Malware in sbrugna...

EUVD-2013-4188

Malware in sbrugna...

EUVD-2015-6491

Malware in sbrugna...

EUVD-2016-5523

Malware in sbrugna...

EUVD-2019-11950

Malware in sbrugna...

EUVD-2022-54911

Malicious code in bioql PyPI...

EUVD-2023-47101

Malicious code in bioql PyPI...

Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR

Silent Pivot: Detecting Fileless Lateral Movement via Service Manager with Trellix NDR By Maulik Maheta and Lishoy Mathew · September 8, 2025 Executive summary The tactics of cyber adversaries continue to evolve as they attempt to bypass security vendors. Rather than traditional malware, today’s...

CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

Linux Distros Unpatched Vulnerability : CVE-2022-49316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout...

CVE-2022-49316 NFSv4: Don't hold the layoutget locks across multiple RPC calls

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...

CVE-2022-49316

CVE-2022-49316 affects the Linux kernel’s NFSv4 layout management. The issue arises when performing layoutget as part of an open() compound: locks for the layoutget are held across multiple RPC calls, which can trigger recalls and deadlock. The connected advisories (EulerOS/Unity/Nessus OSS) conf...

CVE-2022-49316

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...

CVE-2022-49316 NFSv4: Don't hold the layoutget locks across multiple RPC calls

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Don't hold the layoutget locks across multiple RPC calls When doing layoutget as part of the open compound, we have to be careful to release the layout locks before we can call any further RPC calls, such as setattr. The...