19 matches found
Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode
Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment Response / Rationale Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...
CVE-2025-69230
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for asyncio and Python. A remote attacker can exploit this vulnerability by sending multiple specially crafted invalid cookies. This can trigger a storm of warning-level logs, leading to a Denial of Service DoS condition...
CVE-2025-69230
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...
CVE-2025-69230
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...
CVE-2025-69230 AIOHTTP Vulnerable to Cookie Parser Warning Storm
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...
CVE-2025-69230
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...
AIOHTTP Vulnerable to Cookie Parser Warning Storm
Summary Reading multiple invalid cookies can lead to a logging storm. Impact If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header. ---- Patch:...
EUVD-2025-2639
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-41047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 i40e: Fix...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21690)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21690 advisory. - In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to...
scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
...
CVE-2022-49204 bpf, sockmap: Fix more uncharged while msg has more_data
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix more uncharged while msg has moredata In tcpbpfsendverdict, if msg has more data after tcpbpfsendmsgredir: tcpbpfsendverdict tosend = msg-sg.size //msg-sg.size = 22220 case SKREDIRECT: skmsgreturn //uncharged...
CVE-2025-21690
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
AZL-56949 CVE-2025-21690 affecting package kernel for versions less than 5.15.180.1-1
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
CVE-2025-21690
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
UBUNTU-CVE-2025-21690
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
CVE-2025-21690 scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
CVE-2025-21690 scsi: storvsc: Ratelimit warning logs to prevent VM denial of service
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preventing troubleshooti...
cloud-init security, bug fix, and enhancement update
23.1.1-10.0.1 - Added missing services in rhel/systemd/cloud-init.service Orabug: 32183938 - Add IPv6 IMDS and dhcp6 support for Oracle Datasource Orabug: 35470783 - Increase retry value and add timeout for OCI Orabug: 35329883 - Fix log file permissions Orabug: 35302985 - Update detection logic...