Lucene search

1089 matches found

Tenable Nessus
added 2025/03/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-48707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix null pointer dereference for resetting decoder Not all decoders have a reset...

CVSS 5.5 | AI score 4.8 | EPSS 0.00205
Exploits 0 | References 3

Wallarm Lab
added 2025/03/04 1:0 p.m. | 12 views

API Specifications: Why, When, and How to Enforce Them

APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in between. They are also a critical ingredient of AI. However, if not structured and standardized properly, APIs ca...

AI score 7.7
Exploits 0

BDU FSTEC
added 2025/03/03 12:0 a.m. | 3 views

The vulnerability of the pfifo_tail_enqueue() function (net/sched/sch_fifo.c) in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the pfifo_tail_enqueue function (net/sched/sch_fifo.c) in the Linux operating system is related to a discrepancy in functionality according to the specification. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility o...

CVSS 7 | AI score 6.6 | EPSS 0.0025
Exploits 0 | References 14 | Affected Software 3

BDU FSTEC
added 2025/02/28 12:0 a.m. | 3 views

The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of PDF document viewing and editing software PDF-XChange Editor lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created XPS file...

CVSS 3.3 | AI score 6.6 | EPSS 0.00624
Exploits 0 | References 4 | Affected Software 1

RedhatCVE
added 2025/02/05 2:47 p.m. | 8 views

CVE-2020-15222

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the jti value is not checked. When using client authentication method "private_key_jwt", OpenId specification says the following about asserti...

CVSS 8.1 | AI score 6.9 | EPSS 0.00857
Exploits 1

RedhatCVE
added 2025/02/05 5:3 a.m. | 5 views

CVE-2024-10975

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad...

CVSS 7.7 | AI score 6.7 | EPSS 0.00456
Exploits 0 | References 1

SUSE CVE
added 2025/02/01 3:47 a.m. | 3 views

SUSE CVE-2025-0938

The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...

CVSS 4 | AI score 7 | EPSS 0.01437
Exploits 0 | References 30

Veracode
added 2025/01/31 5:27 a.m. | 312 views

Bot Protection Bypass

Anubis is vulnerable to Bot Protection Bypass. The vulnerability is due to insufficient validation, which allows attackers to specify a nonce and set the challenge difficulty to zero, effectively bypassing the bot protection mechanism...

CVSS 2.3 | AI score 6.5 | EPSS 0.00384
Exploits 0 | References 4 | Affected Software 2

OSV
added 2025/01/29 12:2 a.m. | 18 views

GO-2025-3412 Excessive resource consumption when unmarshalling Compose file with recursive loop in github.com/compose-spec/compose-go/v2

Excessive resource consumption when unmarshalling Compose file with recursive loop in github.com/compose-spec/compose-go/v2...

CVSS 5.9 | AI score 6 | EPSS 0.00213
Exploits 0 | References 5

OSV
added 2025/01/23 10:35 p.m. | 7 views

GHSA-PMF4-V838-29HG Directus allows privilege escalation using Share feature

Summary: When sharing an item, a user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Details: Specifying role on share should be available only for admins. The current flow has a security flaw. Each other...

CVSS 5 | AI score 5.3 | EPSS 0.00356
Exploits 1 | References 7

RedhatCVE
added 2024/12/29 2:42 p.m. | 20 views

CVE-2024-56571

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

CVSS 5.5 | AI score 6.6
Exploits 0 | References 4

NVD
added 2024/12/27 3:15 p.m. | 14 views

CVE-2024-56571

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0

OSV
added 2024/12/27 3:15 p.m. | 15 views

CVE-2024-56571

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

AI score 6.6
Exploits 0 | References 7

CVE
added 2024/12/27 2:23 p.m. | 2449 views

CVE-2024-56571

CVE-2024-56571 entry is rejected/not used; not an active vulnerability.

AI score 6.3
Exploits 0

Oracle Linux
added 2024/12/17 12:0 a.m. | 21 views

bluez security update

5.63-3 + bluez-5.63-3 - Add back the tests for OSCI. 5.63-2 + bluez-5.63-2 - Change default of ClassicBondedOnly to true to align with HID specification. - Resolves: RHEL-18429 - Fixing CVE-2021-41229...

CVSS 6.3 | AI score 7.1 | EPSS 0.07879
Exploits 8

Tenable Nessus
added 2024/12/11 12:0 a.m. | 11 views

Mozilla Thunderbird < 128.5.2

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.5.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-69 advisory. - The Matrix specification demands homeservers to perform validation of the server-name and media-id components o...

CVSS 5.3 | AI score 8.1 | EPSS 0.00842
Exploits 0 | References 2

Mozilla
added 2024/12/10 12:0 a.m. | 19 views

Security Vulnerabilities fixed in Thunderbird 128.5.2 — Mozilla

The Matrix specification demands homeservers to perform validation of the server-name and media-id components of MXC URIs with the intent to prevent path traversal. However, it is not mentioned that a similar check must also be performed on the client to prevent client-side path traversal...

CVSS 5.3 | AI score 6.6 | EPSS 0.00842
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/12/09 8:41 p.m. | 11 views

GHSA-H97M-WW89-6JMQ `idna` accepts Punycode labels that do not produce any non-ASCII when decoded

idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...

CVSS 6.3 | AI score 4.9 | EPSS 0.00177
Exploits 1 | References 4

OSV
added 2024/12/09 12:0 p.m. | 21 views

RUSTSEC-2024-0421 `idna` accepts Punycode labels that do not produce any non-ASCII when decoded

idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with...

CVSS 8.8 | AI score 6.1 | EPSS 0.00177
Exploits 1 | References 3

NVD
added 2024/11/26 2:15 p.m. | 20 views

CVE-2024-11705

NSC_DeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...

CVSS 9.1 | EPSS 0.00646
Exploits 0 | References 3