Lucene search
20 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-28823

Malicious code in bioql PyPI...

9.8 CVSS · 9.2 AI score · 0.00258 EPSS
Exploits: 1 · References: 2

CVE
added 2025/10/03 5:23 p.m. · 11 views

CVE-2025-61592

Cursor CLI (versions ≤ 1.7) is vulnerable to Remote Code Execution via automatic loading of project-specific CLI configuration from /.cursor/cli.json that can override global settings. The underlying issue is permissive configuration combined with prompt injection delivered through project rules ...

8.8 CVSS · 7.4 AI score · 0.00277 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2025/10/03 5:23 p.m. · 3 views

CVE-2025-61592 Cursor CLI: Arbitrary Code Execution Possible through Permissive CLI Config

Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory /.cursor/cli.json could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a...

8.8 CVSS · 7.8 AI score · 0.00277 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2025/08/31 7:10 p.m. · 1 view

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

6.9 CVSS · 6.9 AI score · 0.00088 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:50 a.m. · 2 views

CVE-2010-2961

mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file...

6.9 CVSS · 6.9 AI score · 0.00073 EPSS
Exploits: 1 · References: 1

OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Ensure That auditd Is Enabled

The auditd component is a user-space component of the Linux audit framework, providing the auditctl, ausearch, and aureport programs to audit and view logs. Audit rules are configured using the auditctl program. When getting started, auditctl reads these rules from /etc/audit/audit.rules. The aud...

6.9 AI score
Exploits: 0 · References: 3

The Hacker News
added 2025/03/18 3:43 p.m. · 35 views

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromis...

7.7 AI score
Exploits: 0

Positive Technologies
added 2024/11/05 12:0 a.m. · 1 view

PT-2024-40625 · Git +1 · Clamav

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash reported by OSS-Fuzz, with a Segv on an unknown address. The crash state includes functions such as yara yyparse, yr lex...

6.9 AI score
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 3:39 a.m. · 1 view

SUSE CVE-2021-36156

An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...

5.3 CVSS · 5.3 AI score · 0.00254 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:39 a.m. · 1 view

SUSE CVE-2021-36157

An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal such as ae ../../sensitive/path/in/deployment pathname, then Cortex will attempt to parse a rules file at that...

5.3 CVSS · 5 AI score · 0.00255 EPSS
Exploits: 0 · References: 3

OSV
added 2022/03/29 12:15 p.m. · 1 view

AZL-45369 CVE-2022-23901 affecting package re2c for versions less than 3.1-4

A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc...

9.8 CVSS · 7.4 AI score · 0.00258 EPSS
Exploits: 1 · References: 1

ATTACKERKB
added 2022/03/29 12:15 p.m. · 3 views

CVE-2022-23901

A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc...

9.8 CVSS · 7.3 AI score · 0.00258 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2022/03/29 12:0 a.m. · 2 views

PT-2022-16321 · Re2C +1 · Re2C +1

Name of the Vulnerable Software and Affected Versions: re2c version 2.2 Description: A stack overflow issue exists due to infinite recursion in the src/dfa/dead_rules.cc file. Recommendations: For re2c version 2.2, at the moment, there is no information about a newer version that contains a fix f...

9.8 CVSS · 6.9 AI score · 0.00258 EPSS
Exploits: 1 · References: 12

RedhatCVE
added 2021/02/10 9:36 p.m. · 35 views

CVE-2020-17525

A null-pointer-dereference flaw was found in mod_authz_svn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. Mitigation As per upstream "As a workaround...

7.5 CVSS · 7 AI score · 0.14805 EPSS
Exploits: 1 · References: 4

Cvelist
added 2020/10/27 7:0 p.m. · 13 views

CVE-2020-15238 Local privilege escalation Blueman

Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any...

7.1 CVSS · 7 AI score · 0.00451 EPSS
Exploits: 4 · References: 10

CNVD
added 2019/10/21 12:0 a.m. · 3 views

Linux kernel memory corruption vulnerability (CNVD-2019-37726)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory corruption vulnerability exists in the 'fib6_rule_suppress' function of the net/ipv6/fib6_rules.c file in versions of Linux kernel prior to 5.3.4, which can be...

7.8 CVSS · 6.4 AI score · 0.00103 EPSS
Exploits: 1 · References: 1

Citrix
added 2016/01/28 12:0 a.m. · 65 views

How to Change Order of NICs in XenServer

The interface-rename is a utility included in Citrix Hypervisor 8.2 Cumulative Update 1 and XenServer 8. This utility allows for granular management of network interface cards to facilitate renaming and reordering of them from the default installed configuration. The interface-rename utility refer...

6.7 AI score
Exploits: 0

OSV
added 2015/08/31 6:59 p.m. · 0 views

UBUNTU-CVE-2014-2331

CheckMK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...

8.5 CVSS · 6.3 AI score · 0.00805 EPSS
Exploits: 1 · References: 3

OpenVAS
added 2013/03/12 12:0 a.m. · 30 views

CentOS Update for infiniband-diags CESA-2013:0509 centos6

Check for the Version of infiniband-diags OpenVAS Vulnerability Test CentOS Update for infiniband-diags CESA-2013:0509 centos6 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/o...

5 CVSS · 6.3 AI score · 0.01461 EPSS
Exploits: 0 · References: 2

myhack58
added 2006/12/16 12:0 a.m. · 22 views

arpspoof 3.1 b officially released-vulnerability warning-the black bar safety net

Main features: ARP spoofing is carried out during data modification, and session hijacking attacks Description: This program is open source code, in order to exchange for more friends. Examples: cheating 192.168.0.108 to access the Baidu website, the whole process note: after I added the...

7 AI score
Exploits: 0