MAL-2026-4752 Malicious code in gt-tester-exp-profiler-exp-00000015 (PyPI)
Source: amazon-inspector 55fc219f03cbaeeedb660ad423cc7af08ff1d29154c8b8989b7b0c5d7d5c3d75 setup.py installs a .pth file containing import gttesterexpprofilerexp00000015.probe; probe.runprobe, causing every Python interpreter start on the...
[SECURITY] Fedora 44 Update: plasma-activities-stats-6.6.4-1.fc44
Library to access the usage statistics data collected by the KDE activity manager...
CVE-2026-32114
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access metadata about AI personas, features, and LLM models by providing their...
Missing Authorization
github.com/treeverse/lakefs is vulnerable to Missing Authorization. The vulnerability is due to lack of authentication checks on the /api/v1/usage-report/summary endpoint, which allows an attacker to access aggregate API usage information without authorization...
Samsung TVs stop spying on viewers in Texas. Here’s how to disable ACR anywhere
Samsung has settled a lawsuit with the Texas Attorney General over how its smart TVs collect and monetize viewing data using Automated Content Recognition (ACR). As part of the settlement, Samsung agreed to stop collecting ACR data from Texans without explicit, informed consent and to rewrite its...
CVE-2025-64179
lakeFS is an open-source tool that transforms object storage into Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may...
Gitlab -- vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens; DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file; Unintended Access to Usage Data via Scoped Tokens; Gitlab DOS via Harbor registry integration; Resource exhaustion and denial of service with testrepo...
Virtuozzo Hybrid Infrastructure 6.3 (6.3.0-170)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service and our ecosystem of backup and disaster recovery solutions. Additionally, this release delivers stability and security improvements, and addresses issues found in previous releases...
Virtuozzo Hybrid Infrastructure 6.2 Update 1 Hotfix 2 (6.2.1-66)
This update provides stability fixes. Vulnerability id: VSTOR-93320 Cannot update a cluster due to little free space on the boot partition. Vulnerability id: VSTOR-93349 During a cluster update, VM live migration may fail with the libvirt error. Vulnerability id: VSTOR-93365 Fixed detaching CD-RO...
Persistence – Windows Telemetry
Microsoft has introduced the compatibility telemetry in order to collect usage and performance data about Windows systems. The telemetry tasks are collected via the binary…
CVE-2022-44565
An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD v1.0.0 and airFiber GBE 1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device...
HCL Technologies HCL Launch Log Information Disclosure Vulnerability
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India, for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from the...
Privacy compliance for smart meter infrastructure with Microsoft Information Protection and Azure Purview
Smart meters and smart grid infrastructure have been deployed in many of the world’s electric distribution grids. They promise energy conservation, better grid management for utilities, electricity theft reduction, and a host of value-added services for consumers. To deliver on this promise, they...
CVE-2021-1071
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead...
CVE-2019-1692
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) Software could allow an unauthenticated, remote attacker to access sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms for certa...
Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerability (CVE-2014-0909, CVE-2014-3079 and CVE-2014-4756)
Summary: Three possible security vulnerabilities have been reported in Rational License Key Server Administration and Reporting Tool. There have been no reported exploits of these vulnerabilities. Vulnerability Details...
Microsoft Office: Improve Proofing Tools
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013improveproofingtools.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for "Improve Proofing Tools" Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net This program i...
Update Rollup 10 for System Center 2012 R2 Orchestrator - Service Provider Foundation
Introduction: This article describes the issues that are fixed in Update Rollup 10 for Microsoft System Center 2012 R2 Orchestrator - Service Provider Foundation. It also contains the installation instructions fo...