Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987515)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987515 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: don't use devres for mdiobus As explained in commits: 74b6d7d13307 net: dsa:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987516)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987516 advisory. In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operation...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987561)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987561 advisory. In the Linux kernel, the following vulnerability has been resolved: net: dsa: ar9331: register the mdiobus under devres As explained in commits: 74b6d7d13307 net: ds...
PT-2025-43268
Name of the Vulnerable Software and Affected Versions: NeuVector versions prior to 5.4.7. Description: A critical issue exists in NeuVector where the enforcer component improperly handles the environment variables CLUSTER_RPC_PORT and CLUSTER_LAN_PORT. These variables are used to construct shell command...
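The pattern behind the NeuVector entry, an environment value spliced into a string that is later run through a shell, is shown below beside a hardened form. This is an added illustration, not NeuVector's code: the variable name, the iptables command and the port limits are assumptions chosen to make the point, and the constructed value "18300; id" stands in for an attacker-controlled environment.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// Illustrative only; not NeuVector's code. The iptables rule and the
// CLUSTER_RPC_PORT lookup are assumptions used to show the pattern.

// buildRuleUnsafe mimics the vulnerable pattern: the raw environment value is
// concatenated into a command string destined for "sh -c", so any shell
// metacharacters in the value ("; id", "$(...)", "|") become shell syntax.
func buildRuleUnsafe(env map[string]string) string {
	port := env["CLUSTER_RPC_PORT"]
	return fmt.Sprintf("iptables -A INPUT -p tcp --dport %s -j ACCEPT", port)
}

// parsePort accepts only a decimal TCP port in 1..65535.
func parsePort(s string) (int, error) {
	n, err := strconv.Atoi(s)
	if err != nil || n < 1 || n > 65535 {
		return 0, fmt.Errorf("invalid port %q", s)
	}
	return n, nil
}

// buildRuleSafe validates the value and returns an argv slice. Passing argv to
// exec.Command never involves a shell, and the port is re-serialised from the
// parsed integer, so no attacker-controlled bytes reach the command line.
func buildRuleSafe(env map[string]string) ([]string, error) {
	p, err := parsePort(env["CLUSTER_RPC_PORT"])
	if err != nil {
		return nil, err
	}
	return []string{
		"iptables", "-A", "INPUT", "-p", "tcp",
		"--dport", strconv.Itoa(p), "-j", "ACCEPT",
	}, nil
}

func main() {
	// Read the real environment so the difference can be tried locally, e.g.
	//   CLUSTER_RPC_PORT='18300; id' go run main.go
	env := map[string]string{"CLUSTER_RPC_PORT": os.Getenv("CLUSTER_RPC_PORT")}
	fmt.Println("unsafe command string:", buildRuleUnsafe(env))
	argv, err := buildRuleSafe(env)
	if err != nil {
		fmt.Println("safe path rejected value:", err)
		return
	}
	fmt.Printf("safe argv: %q\n", argv)
}
```

The safe variant is the one to hand to `exec.Command(argv[0], argv[1:]...)`; the string returned by the unsafe variant is shown only so the injected tail is visible.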
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987566)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987566 advisory. In the Linux kernel, the following vulnerability has been resolved: f2fs: remove WARN_ON in f2fs_is_valid_blkaddr Syzbot triggers two WARNs in f2fs_is_valid_blkaddr and...
Malicious Package
Overview funny-font-wow is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview solhint-plugin-namechain is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
JLSEC-2025-148 A flaw was found in FFmpeg
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation...
New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP...
SUSE CVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and...
JLSEC-2025-94 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data th...
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
GHSA-G46H-2RQ9-GW5M OpenBao has potential Denial of Service vulnerability when processing malicious unauthenticated JSON requests
Summary JSON objects after decoding might use more memory than their serialized version. It is possible to tune a JSON to maximize the factor between serialized memory usage and deserialized memory usage similar to a zip bomb. While reproducing the issue, we could reach a factor of about 35. This...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) via the processing of malicious JSON payloads in the request handling process. An attacker can exhaust system memory and CPU resources by sending specially crafted JSON objects that, when deserialized, consume...
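The three OpenBao entries above (SUSE CVE-2025-59043, GHSA-G46H-2RQ9-GW5M and this one) describe the same mechanism: a small JSON document that decodes into a large object graph, in the manner of a zip bomb. The block below is an added example, not OpenBao's code or its fix; it shows a constructed amplifying payload and one way an unauthenticated handler can bound the damage by capping body size, nesting depth and the number of containers before building the object graph. The limits (1 MiB, depth 32, 10000 containers) are assumptions, not values from any advisory.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// Added illustration; not OpenBao's code. All limits below are assumptions.

var (
	ErrTooDeep       = errors.New("json: nesting depth exceeds limit")
	ErrTooManyValues = errors.New("json: container count exceeds limit")
	ErrTooLarge      = errors.New("json: body exceeds size limit")
)

// checkJSONShape scans the token stream without building the object graph and
// bounds nesting depth and the number of arrays/objects. Each "{}" or "[]" costs
// two serialized bytes but allocates a map or slice once decoded into
// interface{}, which is the amplification the advisories describe.
func checkJSONShape(data []byte, maxDepth, maxContainers int) error {
	dec := json.NewDecoder(bytes.NewReader(data))
	depth, containers := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		d, ok := tok.(json.Delim)
		if !ok {
			continue // scalars never open a container
		}
		switch d {
		case '{', '[':
			depth++
			containers++
			if depth > maxDepth {
				return ErrTooDeep
			}
			if containers > maxContainers {
				return ErrTooManyValues
			}
		case '}', ']':
			depth--
		}
	}
}

// decodeBounded reads at most maxBytes, validates the shape, and only then
// unmarshals into a generic value.
func decodeBounded(body io.Reader, maxBytes int64, maxDepth, maxContainers int) (interface{}, error) {
	data, err := io.ReadAll(io.LimitReader(body, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, ErrTooLarge
	}
	if err := checkJSONShape(data, maxDepth, maxContainers); err != nil {
		return nil, err
	}
	var v interface{}
	if err := json.Unmarshal(data, &v); err != nil {
		return nil, err
	}
	return v, nil
}

// zipBombPayload builds a constructed attacker input "[{},{},...]": n+1
// containers from roughly 2n bytes.
func zipBombPayload(n int) []byte {
	var b bytes.Buffer
	b.WriteByte('[')
	for i := 0; i < n; i++ {
		if i > 0 {
			b.WriteByte(',')
		}
		b.WriteString("{}")
	}
	b.WriteByte(']')
	return b.Bytes()
}

// handler shows the wiring for an unauthenticated endpoint; http.MaxBytesReader
// also tears down the connection once the cap is exceeded.
func handler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, 1<<20)
	v, err := decodeBounded(r.Body, 1<<20, 32, 10000)
	if err != nil {
		http.Error(w, err.Error(), http.StatusRequestEntityTooLarge)
		return
	}
	fmt.Fprintf(w, "ok: %T\n", v)
}

func main() {
	benign := []byte(`{"token":"s.abc","ttl":3600,"meta":{"tags":["a","b"]}}`)
	_, err := decodeBounded(bytes.NewReader(benign), 1<<20, 32, 10000)
	fmt.Println("benign request:", err)
	bomb := zipBombPayload(100000) // ~200 KB serialized, 100001 containers
	_, err = decodeBounded(bytes.NewReader(bomb), 1<<20, 32, 10000)
	fmt.Println("constructed bomb:", err)
}
```

The shape check costs one extra pass over an already size-capped buffer; the alternative of decoding into typed structs with known fields avoids the generic-map blow-up only when the endpoint does not need to accept arbitrary JSON.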
EUVD-2025-34841
Malicious code in usage-tracker-secured npm...
Malicious code in usage-tracker-secured (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1b7a443b3167fff4524481ab0e2a965023fdb4379674c580d905e30aacc7f70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48440 Malicious code in usage-tracker-secured (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f1b7a443b3167fff4524481ab0e2a965023fdb4379674c580d905e30aacc7f70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-11492
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. Additionally, the encryption method used to obfuscate some...
CVE-2025-62409
CVE-2025-62409 affects Envoy, where large requests/responses can trigger TCP connection pool crashes due to flow-control handling when the connection is closing but upstream data still arrives, causing a buffer watermark callback nullptr reference. Affected products include the Envoy core with TC...
CVE-2025-47150
When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...