13367 matches found

Tenable Nessus
added 2025/11/05 12:0 a.m. | 5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989628)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989628 advisory. In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid Commit 5ec8e8ea8b77 mm/sparsemem: fix race in...

CVSS 5.5 | AI score 6.2 | EPSS 0.00255
Exploits: 0 | References: 4

Oracle linux
added 2025/11/05 12:0 a.m. | 5 views

mariadb:10.5 security update

galera 26.4.22-1 - Rebase to 26.4.22 Judy 1.0.5-18 - Remove README.Fedora; no longer needed since 1.0.5 version - Resolves: 1638717 1.0.5-17 - ldconfig scriptlets replaced by RPM File Triggers from Fedora 28 - Drop legacy BuildRoot: and Group: tags - Drop redundant explicit buildroot cleaning -...

CVSS 6.8 | AI score 7 | EPSS 0.01236
Exploits: 0

Redos
added 2025/11/05 12:0 a.m. | 6 views

ROS-20251105-02

A vulnerability in the LibTIFF library is related to a bounds checking bug in the setrow function in tools/thumbnail.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...

CVSS 8.8 | AI score 7.8 | EPSS 0.00739
Exploits: 6

Tenable Nessus
added 2025/11/05 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989410)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989410 advisory. In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use...

CVSS 5.5 | AI score 6.1 | EPSS 0.00242
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989791)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989791 advisory. In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use...

CVSS 5.5 | AI score 6.1 | EPSS 0.00242
Exploits: 0 | References: 4

Snyk
added 2025/11/04 10:42 p.m. | 1 views

Malicious Package

Overview: tailwind-fa-bridge is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

RedHat Linux
added 2025/11/04 7:51 p.m. | 4 views

rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion

A memory-exhaustion vulnerability exists in Rack when parsing application/x-www-form-urlencoded request bodies. `Rack::Request#POST` reads the entire request body into memory without enforcing a maximum length or cap. Attackers can exploit this by sending large form submissions, potentially causing...

CVSS 7.5 | AI score 6.4 | EPSS 0.00591
Exploits: 0 | References: 8

Positive Technologies
added 2025/11/04 12:0 a.m. | 8 views

PT-2025-45375

Name of the Vulnerable Software and Affected Versions: runc versions 1.2.7 through 1.3.2; runc version 1.4.0-rc.2. Description: The runC tool is a lightweight implementation of the Open Container Format (OCF) used for container runtime. A flaw exists in runC that allows an attacker to manipulate writes...

CVSS 7.5 | AI score 7 | EPSS 0.00526
Exploits: 1 | References: 221

OSV
added 2025/11/03 9:49 p.m. | 4 views

GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics

Impact: Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches: Upgrade to v1.70.1. Workarounds: Any ONE of these is...

CVSS 5.3 | AI score 7 | EPSS 0.00251
Exploits: 0 | References: 4

Snyk
added 2025/11/03 9:49 p.m. | 1 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the /api/v1/usage-report/summary endpoint. An attacker can access aggregate API usage counts by sending unauthenticated requests to this endpoint, potentially revealing information about service activity or...

CVSS 6.9 | AI score 6.9 | EPSS 0.00251
Exploits: 0 | References: 2

Github Security Blog
added 2025/11/03 9:49 p.m. | 8 views

lakeFS affected by unauthenticated access to API usage metrics

Impact: Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches: Upgrade to v1.70.1. Workarounds: Any ONE of these is...

CVSS 5.3 | AI score 7 | EPSS 0.00251
Exploits: 0 | References: 4 | Affected Software: 1

Fedora
added 2025/11/03 1:7 a.m. | 8 views

[SECURITY] Fedora 42 Update: rust-get-size2-0.7.0-2.fc42

Determine the size in bytes an object occupies inside RAM...

CVSS 8.1 | AI score 7 | EPSS 0.00688
Exploits: 1

Positive Technologies
added 2025/11/03 12:0 a.m. | 5 views

PT-2025-45013

Name of the Vulnerable Software and Affected Versions: lakeFS versions prior to 1.71.0. Description: lakeFS is a tool that transforms object storage into Git-like repositories. Versions 1.69.0 and below lack authentication for the /api/v1/usage-report/summary endpoint, allowing unauthorized access t...

CVSS 5.3 | AI score 6.3 | EPSS 0.00251
Exploits: 0 | References: 11

Snyk
added 2025/11/02 11:50 p.m. | 1 views

Malicious Package

Overview: sechub-openapi-typescript is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:50 p.m. | 2 views

Malicious Package

Overview: sechub-openapi-ts-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:46 p.m. | 2 views

Malicious Package

Overview: monoblast is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:45 p.m. | 1 views

Malicious Package

Overview: monophonic is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:44 p.m. | 2 views

Malicious Package

Overview: ofjaaaah-helper-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

Snyk
added 2025/11/02 11:38 p.m. | 3 views

Malicious Package

Overview: geopost-web-component is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2

OSV
added 2025/11/01 7:15 p.m. | 4 views

CVE-2025-12600

Web UI Malfunction when setting unexpected locale via API. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS 9.8 | AI score 5.8 | EPSS 0.00337
Exploits: 0 | References: 1