USN-7961-1: Erlang vulnerability

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...

USN-7961-1 erlang vulnerability

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...

kernel: can: j1939: implement NETDEV_UNREGISTER notification handler

A flaw was discovered in the J1939 protocol implementation in the Linux kernel. The NETDEVUNREGISTER notification handler was missing for undoing changes performed by j1939skbind. As a result, an extra reference remains on the j1939priv structure when unregistering a network device, preventing it...

Denial-of-Service (DoS)

Marshmallow is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to inefficient processing in Schema.loaddata, many=True, where moderately sized inputs can trigger excessive CPU consumption, allowing attackers to degrade service availability through crafted requests...

ROS-20260114-7329

A vulnerability in the ovlencoderealfh fs/overlayfs/copyup.c and showmarkfhandle fs/notify/fdinfo.c functions of the Linux operating system kernel is related to a flaw in the use of assert. Exploitation of the vulnerability allows an attacker to cause a denial of service...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001381)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001381 advisory. A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD...

Linux Distros Unpatched Vulnerability : CVE-2025-71102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in scsmagic scsmagic needs a 'void ' variable, but a 'struct...

Ubuntu 24.04 LTS : Erlang vulnerability (USN-7961-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7961-1 advisory. It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this...

CVE-2026-0840

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart leads to buffer overflow. It is possible to initiate the attack remotely. The exploi...

EUVD-2026-2010

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...

CVE-2025-68704 Jervis has a Weak Random for Timing Attack Mitigation

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random which is not cryptographically secure for timing attack mitigation. This vulnerability is fixed in 2.2...

Astra Linux – Vulnerability in ruby-sinatra

Sinatra is a domain-specific language for creating web applications in Ruby. In versions prior to 4.2.0, there was a denial-of-service vulnerability in the If-Match and If-None-Match header parsing component of Sinatra, if the etag method was used when constructing the response. Carefully crafted...

Astra Linux – Vulnerability in ffmpeg

A flaw was discovered in FFmpeg. This vulnerability allows for unexpected additional CPU load and storage consumption, potentially leading to reduced performance or denial of service due to the demuxing of arbitrary data as XBIN-format data without proper format validation...

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...

Malicious Package

Overview francium-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview extended-path is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the asixreadphyaddr function not validating the PHY address, which could lead to invalid address usage...

MiracleLinux 9 : python3.12-3.12.5-2.el9_5.3 (AXSA:2025-9842:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9842:01 advisory. cpython: python: Uncontrolled CPU resource consumption when in http.cookies module CVE-2024-7592 Tenable has extracted the preceding description block direct...

openc3-api Vulnerable to Unauthenticated Remote Code Execution

Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using Stringconverttovalue. For array-like inputs, converttovalu...

Malicious Package

Overview tailwindcss-animate-tool is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...