129 matches found
Astra Linux - vulnerability in dpkg
In dpkg, the Debian package management system, versions prior to 1.21.8, 1.20.10, 1.19.8, and 1.18.26 are affected by a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction process may...
UNC1069 Targets Node.js Maintainers via Fake LinkedIn, Slack Profiles
North Korean group UNC1069 targets Node.js maintainers using fake LinkedIn and Slack profiles to spread malware and compromise open source packages...
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages.
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has a...
Security Bulletin: IBM watsonx.data integration has several vulnerabilities due to open source packages (CVE-2018-20225, CVE-2025-6985, CVE-2025-54368)
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intend...
Security Bulletin: IBM watsonx.data integration has vulnerabilities due to open source packages (CVE-2025-55197)
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-55197 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM bein...
Security Bulletin: Multiple vulnerabilities in DataStage on Cloud Pak for Data
Summary DataStage on Cloud Pak for Data is vulnerable to multiple software vulnerabilities due to open source packages. Vulnerability Details CVEID:CVE-2025-61724 DESCRIPTION: The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2025-68150 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more. Source CVEs: CVE-2025-68150. Source advisory: OSV:GHSA-3F5F-XGRJ-97PF...
Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2007-2243 DESCRIPTION: OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user...
Security Bulletin: Astronomer with IBM is vulnerable to several issues due to open source packages
Summary Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details CVEID:CVE-2005-2541 DESCRIPTION: Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gai...
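The dpkg entry above describes in-place extraction of an untrusted debian.tar that can write outside the destination, and the tar entry describes extraction that silently preserves setuid/setgid bits. As an added example (not code from dpkg, tar, Astra Linux, or any of the advisories listed here), the Python script below audits a tarball for both hazards before anything is extracted: member paths and link targets that resolve outside the destination, absolute paths, device nodes, and regular files carrying setuid/setgid bits. The sample tarball, its member names, and the `/tmp/extract` destination are constructed for the demonstration.

```python
import io
import posixpath
import stat
import tarfile


def _escapes(base: str, target: str) -> bool:
    """True if `target`, joined under `base`, normalises to a path outside `base`."""
    base = posixpath.normpath(base)
    joined = posixpath.normpath(posixpath.join(base, target))
    return not (joined == base or joined.startswith(base.rstrip("/") + "/"))


def audit_tar(data: bytes, dest: str = "/tmp/extract") -> list[tuple[str, str]]:
    """Return (reason, member) for every member a safe extractor should refuse.

    Only headers are inspected; nothing is written to disk.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            name = m.name
            if posixpath.isabs(name):
                findings.append(("absolute path", name))
                continue
            if _escapes(dest, name):
                findings.append(("path traversal", name))
                continue
            if m.issym() or m.islnk():
                target = m.linkname
                # A symlink target resolves relative to the link's own directory;
                # a hard-link target is relative to the archive root.
                rel = posixpath.join(posixpath.dirname(name), target) if m.issym() else target
                if posixpath.isabs(target) or _escapes(dest, rel):
                    findings.append(("link escapes destination", f"{name} -> {target}"))
                    continue
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setuid/setgid file", name))
            if m.isdev():
                findings.append(("device node", name))
    return findings


def build_sample_tar() -> bytes:
    """Constructed tarball: one benign member plus one member per hazard class."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:

        def add(name, content=b"x", mode=0o644, type_=tarfile.REGTYPE, linkname=""):
            info = tarfile.TarInfo(name)
            info.type = type_
            info.mode = mode
            info.linkname = linkname
            if type_ == tarfile.REGTYPE:
                info.size = len(content)
                tf.addfile(info, io.BytesIO(content))
            else:
                tf.addfile(info)

        add("debian/control", b"Source: demo\n")
        add("../../.ssh/authorized_keys", b"ssh-ed25519 AAAA...\n")       # traversal
        add("/etc/cron.d/job", b"* * * * * root id\n")                    # absolute path
        add("debian/link", type_=tarfile.SYMTYPE, linkname="../../../etc/passwd")
        add("debian/rootsh", b"#!/bin/sh\n", mode=0o4755)                 # setuid
    return buf.getvalue()


if __name__ == "__main__":
    for reason, member in audit_tar(build_sample_tar()):
        print(f"REFUSE [{reason}]: {member}")
```

On Python 3.12 and later the standard library can enforce the same rules at extraction time via `tarfile.extractall(..., filter="data")` (PEP 706), which rejects escaping paths and links and strips setuid/setgid bits; the audit above is useful where extraction is done by another tool, such as a package builder, or where you want to reject the archive outright rather than extract a sanitised subset.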
Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages
The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated...
EUVD-2022-24950
Malicious code in bioql PyPI...
USN-7161-3 Docker vulnerability
USN-7161-1 and USN-7161-2 fixed CVE-2024-41110 for source package docker.io in Ubuntu 18.04 LTS and for source package docker.io-app in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. This update fixes it for source package docker.io in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,...
Security Bulletin: Multiple vulnerabilities in IBM Storage Defender – Data Protect
Summary There are multiple vulnerabilities in Open Source packages that affect IBM Storage Defender – Data Protect. These vulnerabilities can result in runtime errors, denial of service, remote code execution, arbitrary command execution, bypass of security restrictions, incorrect file permission...
CVE-2024-36623
moby through v25.0.3 has a race condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations, resulting in data corruption or application crashes...
Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation
Summary The vulnerabilities are related to IBM® SDK Java™ Technology Edition, Version 8 disclosed as part of the IBM Java SDK updates in April and July 2020, to the Node.js runtime and builtin modules, to other open source packages and to offering vulnerabilities discovered during security testin...
Python's PyPI Reveals Its Secrets
GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in...
PT-2024-15355
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue pertains to open source packages that include metadata indicating the absence of a specific problem in new minor versions. This concept is likened to a "recall" of all...
Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively
Introduction Staying vigilant against new threats is essential, and a critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java web applications. This path traversal vulnerability,...
Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "An npm package's manifest is...
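The manifest confusion entry above turns on the registry holding a copy of a package's metadata (dependencies, scripts) that is submitted separately from the tarball and can disagree with the `package/package.json` inside it. As an added example (not code from npm or from the article summarised here), the Python script below compares a registry manifest against the `package.json` embedded in the published tarball and reports every field and key that differs, then singles out install-time lifecycle scripts that exist only in the tarball. The package name `example-widget`, the dependency `evil-helper`, and both manifests are constructed for the demonstration.

```python
import io
import json
import tarfile

# Constructed: the per-version manifest a registry API would return.
REGISTRY_MANIFEST = {
    "name": "example-widget",
    "version": "1.4.2",
    "dependencies": {"lodash": "^4.17.21"},
    "scripts": {"test": "node test.js"},
}

# Constructed: package/package.json as shipped inside the tarball,
# with an extra dependency and a postinstall hook the registry never shows.
TARBALL_PACKAGE_JSON = {
    "name": "example-widget",
    "version": "1.4.2",
    "dependencies": {"lodash": "^4.17.21", "evil-helper": "1.0.0"},
    "scripts": {"test": "node test.js", "postinstall": "node ./setup.js"},
}

# Fields whose disagreement changes what gets installed or executed.
FIELDS = ("name", "version", "dependencies", "scripts", "bin", "main")
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def build_tarball(pkg_json: dict) -> bytes:
    """Constructed npm-style tarball: a gzip tar whose entries live under package/."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        body = json.dumps(pkg_json).encode()
        info = tarfile.TarInfo("package/package.json")
        info.size = len(body)
        tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


def _diff(a, b):
    """Key-level diff for dict fields, whole-value diff otherwise."""
    if isinstance(a, dict) and isinstance(b, dict):
        return {
            k: {"registry": a.get(k), "tarball": b.get(k)}
            for k in sorted(set(a) | set(b))
            if a.get(k) != b.get(k)
        }
    return {"registry": a, "tarball": b}


def compare_manifest(registry: dict, tarball: bytes) -> dict:
    """Return {field: diff} for every FIELDS entry on which the two copies disagree."""
    with tarfile.open(fileobj=io.BytesIO(tarball), mode="r:gz") as tf:
        inner = json.load(tf.extractfile("package/package.json"))
    diffs = {}
    for field in FIELDS:
        a, b = registry.get(field), inner.get(field)
        if a != b:
            diffs[field] = _diff(a, b)
    return diffs


def hidden_install_hooks(diffs: dict) -> list[str]:
    """Lifecycle scripts present in the tarball but absent from the registry copy."""
    scripts = diffs.get("scripts", {})
    return [
        hook for hook in INSTALL_HOOKS
        if hook in scripts
        and scripts[hook]["registry"] is None
        and scripts[hook]["tarball"] is not None
    ]


if __name__ == "__main__":
    diffs = compare_manifest(REGISTRY_MANIFEST, build_tarball(TARBALL_PACKAGE_JSON))
    print(json.dumps(diffs, indent=2))
    print("hidden install hooks:", hidden_install_hooks(diffs))
```

The check matters because different consumers read different copies: tooling that only queries the registry API (auditing, SBOM generation, policy checks) sees the registry manifest, while the install client unpacks the tarball and acts on the `package.json` inside it. Treating any disagreement on these fields as a blocking finding closes that gap regardless of which copy a given tool trusts.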
EulerOS Virtualization 3.0.2.0 : dpkg (EulerOS-SA-2023-1744)
According to the versions of the dpkg package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a...