13237 matches found

Tenable Nessus
added 2025/11/05 12:0 a.m., 9 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989438 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix error_state_read ptr + offset use. Fix our pointer offset usage in error_state_rea...

5.5 CVSS | 5.8 AI score | 0.0008 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990073)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990073 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound helper. Inspired by syzbot reports using a stack of multiple...

7.8 CVSS | 6 AI score | 0.00012 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990256)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990256 advisory. In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release. The drvdata is not available in release. Let's just use...

5.5 CVSS | 6.1 AI score | 0.00007 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., 3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989628 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid. Commit 5ec8e8ea8b77 mm/sparsemem: fix race in...

5.5 CVSS | 6.2 AI score | 0.0001 EPSS
Exploits: 0 | References: 4

Redos
added 2025/11/05 12:0 a.m., 4 views

ROS-20251105-02

A vulnerability in the LibTIFF library is related to a bounds checking bug in the setrow function in tools/thumbnail.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...

8.8 CVSS | 7.8 AI score | 0.00147 EPSS
Exploits: 6

Oracle linux
added 2025/11/05 12:0 a.m., 4 views

mariadb:10.5 security update

galera 26.4.22-1 - Rebase to 26.4.22 Judy 1.0.5-18 - Remove README.Fedora; no longer needed since 1.0.5 version - Resolves: 1638717 1.0.5-17 - ldconfig scriptlets replaced by RPM File Triggers from Fedora 28 - Drop legacy BuildRoot: and Group: tags - Drop redundant explicit buildroot cleaning -...

6.8 CVSS | 7 AI score | 0.01044 EPSS
Exploits: 0

Snyk
added 2025/11/04 10:42 p.m., 1 views

Malicious Package

Overview: tailwind-fa-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

RedHat Linux
added 2025/11/04 7:51 p.m., 3 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. `Rack::Request#POST` reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

7.5 CVSS | 6.4 AI score | 0.00282 EPSS
Exploits: 0 | References: 8

Positive Technologies
added 2025/11/04 12:0 a.m., 3 views

PT-2025-45375

Name of the Vulnerable Software and Affected Versions: runc versions 1.2.7 through 1.3.2; runc version 1.4.0-rc.2. Description: The runC tool is a lightweight implementation of the Open Container Format (OCF) used for container runtime. A flaw exists in runC that allows an attacker to manipulate writes...

7.5 CVSS | 7 AI score | 0.00016 EPSS
Exploits: 1 | References: 221

Snyk
added 2025/11/03 9:49 p.m., 1 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/usage-report/summary endpoint. An attacker can access aggregate API usage counts by sending unauthenticated requests to this endpoint, potentially revealing information about service activity or...

6.9 CVSS | 6.9 AI score | 0.00052 EPSS
Exploits: 0 | References: 2

Github Security Blog
added 2025/11/03 9:49 p.m., 6 views

lakeFS affected by unauthenticated access to API usage metrics

Impact: Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches: Upgrade to v1.70.1. Workarounds: Any ONE of these is...

5.3 CVSS | 7 AI score | 0.00052 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/11/03 9:49 p.m., 3 views

GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics

Impact: Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches: Upgrade to v1.70.1. Workarounds: Any ONE of these is...

5.3 CVSS | 7 AI score | 0.00052 EPSS
Exploits: 0 | References: 4

Fedora
added 2025/11/03 1:7 a.m., 5 views

[SECURITY] Fedora 42 Update: rust-get-size2-0.7.0-2.fc42

Determine the size in bytes an object occupies inside RAM...

8.1 CVSS | 7 AI score | 0.00017 EPSS
Exploits: 1

Positive Technologies
added 2025/11/03 12:0 a.m., 3 views

PT-2025-45013

Name of the Vulnerable Software and Affected Versions: lakeFS versions prior to 1.71.0. Description: lakeFS is a tool that transforms object storage into Git-like repositories. Versions 1.69.0 and below lack authentication for the /api/v1/usage-report/summary endpoint, allowing unauthorized access t...

5.3 CVSS | 6.3 AI score | 0.00052 EPSS
Exploits: 0 | References: 11

Snyk
added 2025/11/02 11:50 p.m., 2 views

Malicious Package

Overview: sechub-openapi-ts-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:50 p.m., 1 views

Malicious Package

Overview: sechub-openapi-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:46 p.m., 2 views

Malicious Package

Overview: monoblast is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:45 p.m., 1 views

Malicious Package

Overview: monophonic is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:44 p.m., 2 views

Malicious Package

Overview: ofjaaaah-helper-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:38 p.m., 2 views

Malicious Package

Overview: geopost-web-component is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2