4645 matches found
MAL-2025-44709 Malicious code in iota-sync-json-andromeda (npm)
The package iota-sync-json-andromeda was found to contain malicious code...
MAL-2025-44171 Malicious code in eslint-plugin-gridsome-zenobia-sync (npm)
The package eslint-plugin-gridsome-zenobia-sync was found to contain malicious code...
MAL-2025-46242 Malicious code in taurus-babel-betelgeuse-sync (npm)
The package taurus-babel-betelgeuse-sync was found to contain malicious code...
MAL-2025-44754 Malicious code in janus-install-bunyan-sync (npm)
The package janus-install-bunyan-sync was found to contain malicious code...
Insertion of Sensitive Information into Log File
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the error handling for parameters marshalling. An attacker can obtain sensitive service account tokens sent to the providers by accessing log files containing these credentials...
CVE-2025-7445
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
CVE-2025-7445
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
CVE-2025-7445 Kubernetes secrets-store-sync-controller discloses service account tokens in logs
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs...
Where Have All the Firewalls Gone? Security Consequences of Residential IPv6 Transition
IPv4 NAT has limited the spread of IoT botnets considerably by default-denying bots' incoming connection requests to in-home devices unless the owner has explicitly allowed them. As the Internet transitions to majority IPv6, however, residential connections no longer require the use of NAT. This...
PT-2025-36631
Hello Kubernetes Community, A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vau...
PT-2025-36106
Name of the Vulnerable Software and Affected Versions Kubernetes secrets-store-sync-controller versions prior to 0.0.2 Description The Kubernetes secrets-store-sync-controller discloses service account tokens in logs. Recommendations Update to version 0.0.2 or later...
SUSE CVE-2025-38717
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
DEBIAN-CVE-2025-38717
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
AZL-66887 CVE-2025-38717 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
AZL-70783 CVE-2025-38717 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
UBUNTU-CVE-2025-38717
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
CVE-2025-38717
CVE-2025-38717 – net/kcm race condition (Linux kernel) : Syzbot observed a race between kcm_unattach(psock) and kcm_release(kcm). The bug stems from a missing check of the flag kcm->tx_stopped before queue_work(), which can allow requeuing kcm->tx_work between cancel_work_sync() and unreser...
CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
...