13364 matches found
Security Bulletin: Due to use of Axios, IBM watsonx Code Assistant IDE Extensions is affected by unbounded memory and denial of service
Summary Axios is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL...
lakeFS 安全漏洞
lakeFS is an open source tool from Treeverse Open Source that converts your object store into a Git-like repository. A security vulnerability exists in lakeFS 1.69.0 and earlier versions, which stems from a lack of authentication in the /api/v1/usage-report/summary endpoint that could lead to the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990455)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990455 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity complains of a possible...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990639 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple...
Malicious Package
Overview vite-smart-chunk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview tailwindcss-setgrids is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview monobing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview @isv-occ-payment/occ-payment-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
Malicious Package
Overview @bbkkfkk/pre is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989438)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989438 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix errorstateread ptr + offset use Fix our pointer offset usage in errorstaterea...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990301)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990301 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990256)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990256 advisory. In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990073)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990073 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper Inspired by syzbot reports using a stack of multiple...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990118)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990118 advisory. In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 drivers: misc: pass...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990107)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990107 advisory. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity complains of a possible...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989173)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989173 advisory. In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix PM usagecount for console handover When console is enabled, univ8250consolesetu...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990359 advisory. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix possible buffer overflow struct hcidevinfo has a fixed size name8 field s...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988852)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988852 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989628)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989628 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfnsectionvalid Commit 5ec8e8ea8b77 mm/sparsemem: fix race in...
mariadb:10.5 security update
galera 26.4.22-1 - Rebase to 26.4.22 Judy 1.0.5-18 - Remove README.Fedora; no longer needed since 1.0.5 version - Resolves: 1638717 1.0.5-17 - ldconfig scriptlets replaced by RPM File Triggers from Fedora 28 - Drop legacy BuildRoot: and Group: tags - Drop redundant explicit buildroot cleaning -...