9470 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990066)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990066 advisory. In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990218)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990218 advisory. In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack. For CONFIG_CPUMASK_OFFSTACK=y kernel,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988693)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988693 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/vrr: Set VRR capable prop only if it is attached to connector. VRR capable property is not...
TencentOS Server 4: grafana-pcp (TSSA-2025:0833)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0833 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
GHSA-H238-5MWF-8XW8 lakeFS affected by unauthenticated access to API usage metrics
Impact Missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may reveal information about service activity or uptime. Patches Upgrade to v1.70.1 Workarounds Any ONE of these is...
Improper Resource Management
Dragonfly is vulnerable to Improper Resource Management. The vulnerability is due to the processPieceFromSource method failing to update the usedTraffic field because of an uninitialized variable, which allows an attacker to exploit incorrect rate limiting and cause a denial-of-service condition...
EUVD-2025-37384
If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...
AZL-69628 CVE-2025-6075 affecting package python3 for versions less than 3.12.9-6
If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...
UBUNTU-CVE-2025-6075
If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables...
CVE-2025-6075
CVE-2025-6075 affects Python’s os.path.expandvars() with user-controlled input, causing potential performance degradation during environment variable expansion. Connected advisories confirm this affects multiple Python versions and distributions, with patches available: Debian LTS DLA-4445-1 (pyt...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots. Privileged programs are supposed to be able to read uninitialized stack memory ever since 6715df8d5 but, before this patch, these accesses were permitted inconsistently. In particular,...
EUVD-2011-5264
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of xiwindow variables used to build permalinks in the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the...
CPython security vulnerability
CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython versions prior to 3.15.0, which stems from a user-controllable value passed to os.path.expandvars that could lead to degraded environment variable expansion performance...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the openEditor function when the EDITOR environment variable and configuration file path are passed unsanitized to a shell command. An attacker can execute arbitrary system commands by manipulating the EDITOR...
GHSA-XGP7-7QJQ-VG47 n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...
n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
Impact A remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use of the Commit operation in the Git Node can inadvertently trigg...
curl: Buffer over-read, Missing NUL termination in addvariable() causes undefined behavior
Summary: In addvariable used by setvariable, the code allocates memory for p->name without space for a null-terminator and copies nlen bytes directly. Later, functions like varcontent call strlen on this name, assuming it is null-terminated. This can lead to out-of-bounds memory reads, causing...
sqls security vulnerability
sqls is an open-source SQL language server written in Go, from sqls-server. A security vulnerability exists in sqls version 0.2.28, which stems from the openEditor function not sanitizing the EDITOR environment variable and configuration file path, which could lead to a command injection attack...
PT-2025-44455
Name of the Vulnerable Software and Affected Versions sqls-server/sqls version 0.2.28 Description sqls-server/sqls version 0.2.28 contains a command injection issue in the config command. The openEditor function passes the EDITOR environment variable and the config file path to sh -c without prop...
CVE-2025-10929 Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables. This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2...