Lucene search

3323 matches found

Debian CVE
added 2025/12/04 4:8 p.m. | 2 views

CVE-2025-40248

In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect if already established. During connect, acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect invoking vsock_transport_cancel_pkt -...

AI score: 5.2 | EPSS: 0.00088
Exploits: 0
Tenable Nessus
added 2025/12/04 12:0 a.m. | 0 views

Linux Distros Unpatched Vulnerability : CVE-2025-40248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock: Ignore signal/timeout on connect if already established During connect, acting on a signal/timeout by disconnecting an already established socket leads t...

AI score: 6 | EPSS: 0.00088
Exploits: 0 | References: 3
OSV
added 2025/12/02 5:37 p.m. | 3 views

BIT-FLUX-2022-39272 Flux2 vulnerable to Denial of Service due to Improper use of metav1.Duration

Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields .spec.interv...

CVSS: 5 | AI score: 6.7 | EPSS: 0.00328
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/01 1:18 p.m. | 3 views

CVE-2025-53896

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.00031
Exploits: 0 | References: 1
EUVD
added 2025/11/29 2:24 a.m. | 2 views

EUVD-2025-199898

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00031
Exploits: 0 | References: 1
CNNVD
added 2025/11/29 12:0 a.m. | 1 views

Kiteworks Mft code issue vulnerability

Kiteworks Mft is a software for securely managing internal and external data transfers from Kiteworks USA. A code issue vulnerability exists in Kiteworks Mft versions prior to 9.1.0 that stems from an improper session timeout mechanism that could cause a session to remain active...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.00031
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/29 12:0 a.m. | 3 views

PT-2025-48357

Name of the Vulnerable Software and Affected Versions Kiteworks MFT versions prior to 9.1.0 Description Kiteworks MFT orchestrates end-to-end file transfer workflows. A flaw exists where a user’s active session may not properly time out due to inactivity under certain circumstances. This issue wa...

CVSS: 8.1 | AI score: 6.3 | EPSS: 0.00031
Exploits: 0 | References: 7
OSV
added 2025/11/25 12:16 a.m. | 2 views

MAL-2025-191361 Malicious code in @voiceflow/nestjs-timeout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9067ab95136128bf92e8d28b434d340ae4fd7cd2c8e06f3378c71c3f6f2b1 The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...

AI score: 6.8
Exploits: 0 | References: 10
EUVD
added 2025/11/25 12:16 a.m. | 2 views

EUVD-2025-199401

Malicious code in @voiceflow/nestjs-timeout npm...

AI score: 6.6
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2025/11/25 12:16 a.m. | 5 views

Malicious code in @voiceflow/nestjs-timeout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13d9067ab95136128bf92e8d28b434d340ae4fd7cd2c8e06f3378c71c3f6f2b1 The package @voiceflow/nestjs-timeout was found to contain malicious code. Source: ghsa-malware...

AI score: 6.9
Exploits: 0 | References: 10
Tenable Nessus
added 2025/11/25 12:0 a.m. | 2 views

ImageMagick Installed (Linux)

ImageMagick Tool is installed on the remote Linux host. Additional information: - More paths will be searched and the timeout for the search will be increased if 'Perform thorough tests' setting is enabled. - The plugin timeout can be set to a custom value other than the plugin's default of 30...

AI score: 7
Exploits: 0 | References: 1
Oracle linux
added 2025/11/25 12:0 a.m. | 5 views

podman security update

5.6.0-6.0.1 - Add devices on container startup, not on creation - overlay: Put should ignore ENINVAL for Unmount Orabug: 36234694 - Drop nmap-ncat requirement and skip ignore-socket test case Orabug: 34117404 6:5.6.0-6 - update to the latest content of...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.00086
Exploits: 0
OSV
added 2025/11/24 10:54 a.m. | 1 views

SUSE-SU-2025:4196-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed grub_file_close does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00027
Exploits: 0 | References: 17
Tenable Nessus
added 2025/11/24 12:0 a.m. | 1 views

openSUSE 16 Security Update : samba (openSUSE-SU-2025-20048-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20048-1 advisory. Update to 4.22.5: CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280). CVE-2025-9640: uninitialized memory disclosure via...

CVSS: 10 | AI score: 7 | EPSS: 0.00486
Exploits: 2 | References: 10
RedHat Linux
added 2025/11/20 8:10 a.m. | 2 views

python-kdcproxy: Remote DoS via unbounded TCP upstream buffering

If an attacker causes kdcproxy to connect to an attacker-controlled KDC server e.g. through server-side request forgery, they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copie...

CVSS: 5.9 | AI score: 5.9 | EPSS: 0.00086
Exploits: 0 | References: 6
Cvelist
added 2025/11/18 1:26 p.m. | 7 views

CVE-2025-59113 Bruteforce Protection Bypass in Windu CMS

Windu CMS implements weak client-side brute-force protection by using parameter loginError. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting this parameter. Only version 4.1 was tested and...

CVSS: 6.9 | EPSS: 0.00038
Exploits: 0 | References: 2
OSV
added 2025/11/18 2:4 a.m. | 1 views

SUSE-SU-2025:4123-1 Security update for the Linux Kernel (Live Patch 61 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.231 fixes various security issues. The following security issues were fixed: - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment (bsc#1232637). - CVE-2022-49014: net: tun: Fix use-after-free in tun_detach (bsc#1232818). - CVE-2022-49053...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.18032
Exploits: 2 | References: 125
Tenable Nessus
added 2025/11/18 12:0 a.m. | 2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49963)

mailbox: bcm2835: timeout during suspend mode. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.0001
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/18 12:0 a.m. | 2 views

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-42095)

serial: 8250_omap: Erroneous timeout can be triggered, and it may lead to storm of interrupts. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

CVSS: 5.5 | AI score: 6.7 | EPSS: 0.00026
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/17 12:0 a.m. | 2 views

FreeBSD : sudo-rs -- Partial password reveal when password timeout occurs (c1ceaaea-c2e7-11f0-8372-98b78501ef2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c1ceaaea-c2e7-11f0-8372-98b78501ef2a advisory. Trifecta Tech Foundation reports: When typing partial passwords but not pressing return for a long time...

CVSS: 3.8 | AI score: 5.5 | EPSS: 0.00016
Exploits: 0 | References: 3