Siemens SIMATIC Devices Use of Uninitialized Variable (CVE-2024-35888)

In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspanbasehdr is present in skb-head. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...

Siemens SIMATIC Devices Stack-based Buffer Overflow (CVE-2023-4911)

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code...

Timing Attack

com.ongres.scram:scram-common is vulnerable to Timing Attack. The vulnerability is due to the use of Arrays.equals for comparing sensitive authentication values, which performs short-circuit evaluations and causes variable execution times, allowing an attacker to exploit timing differences to inf...

Siemens SIMATIC Devices Missing Initialization of a Variable (CVE-2024-45018)

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2025-2267)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

curl: Use of Deprecated strcpy() with User-Controlled Environment Variable in Memory Debug Initialization

Discovery Method Step 1: Initial Security Scan Find all files using dangerous string functions find src/ -name ".c" -exec grep -l "strcpy|strcat|sprintf|gets" ; OUTPUT: src/toolprogress.c src/toolmain.c Step 2: Locate Vulnerable Code in Main.c Find exact strcpy usage in toolmain.c grep -n...

CVE-2023-53722 md: raid1: fix potential OOB in raid1_remove_disk()

In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1removedisk If rddev-raiddisk is greater than mddev-raiddisks, there will be an out-of-bounds in raid1removedisk. We have already found similar reports as follows: 1 commit d17f744e883b...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987643)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987643 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987679)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987679 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in createvarref In createvarref, initvarref is called to...

FreeBSD : Hidden/Protected custom variables are prone to filter enumeration (4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8 advisory. Icinga reports: An authorized user with access to Icinga DB Web, can use a custom variable in a filter...

Malware Using Variable Functions and Cookies For Obfuscation

📢 Calling all Vulnerability Researchers and Bug Bounty Hunters!📢 🚀 Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,2...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 kernel: sunrpc: fix clien...

F5 BIG-IP TMM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in BIG-IP's TMM Traffic Management Microkernel module, which arises because specific...

Linux Distros Unpatched Vulnerability : CVE-2025-61789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom...

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

DEBIAN-CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

UBUNTU-CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

EUVD-2025-34795

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

Icinga DB Web 安全漏洞

Icinga DB Web is an Icinga open source graphical interface to the Icinga DB database. A security vulnerability exists in Icinga DB Web versions prior to 1.1.4 and prior to 1.2.3, which originates from an authorized user being able to guess the value of a protected or hidden variable via a custom...