PT-2026-51720
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An out-of-bounds read exists in the compat_mtw_from_user function within the netfilter ebtables component. The issue occurs because the function fails to properly validate the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: fsnotify: Do not generate ACCESS/MODIFY events for special files in child processes. inotify/fanotify: Do not allow users who have no read access to a file to subscribe to events like IN_ACCESS/IN_MODIFY. However, users can stil...
GHSA-273H-GVWR-C3QJ CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally (pkg/apiserver/controllers/controller.go). This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...
CrowdSec LAPI: Denial of Service via Unbounded Gzip Decompression
The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally (pkg/apiserver/controllers/controller.go). This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints /v1/watchers or /v1/watchers/login require no authentication. An...
PT-2026-44130
Name of the Vulnerable Software and Affected Versions: CrowdSec LAPI (affected versions not specified). Description: The LAPI router utilizes the gin-contrib/gzip middleware with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go. This middleware decompresses incoming request...
ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents through Skills, Plugins, and Watchers
Whitepaper called ClawKeeper: Comprehensive Safety Protection For OpenClaw Agents Through Skills, Plugins, And Watchers...
GHSA-8FWC-QJW5-RVGP Gitea may send release notification emails for private repositories to users whose access has been revoked
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...
SUSE CVE-2025-68788
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscri...
AZL-74447 CVE-2025-68788 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscri...
CVE-2025-68788
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscri...
UBUNTU-CVE-2025-68788
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscri...
CVE-2025-68788 fsnotify: do not generate ACCESS/MODIFY events on child for special files
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscri...
CVE-2025-68788
CVE-2025-68788 is addressed in OSV:OESA-2026-1305, which reports a Linux kernel security update for the fsnotify subsystem. The fix aligns fsnotify behavior with file-attrib semantics by not generating ACCESS/MODIFY events for parent watchers when a read/write occurs on special files (e.g., /dev/...
PT-2026-2520
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel had an issue where inotify and fanotify allowed users without read access to a file to subscribe to events on its children when they had access to the parent directory...
EUVD-2022-51290
Malicious code in bioql PyPI...
EUVD-2022-51291
Malicious code in bioql PyPI...
EUVD-2024-1001
Malicious code in bioql PyPI...
Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server Replication Services
Summary: Vulnerabilities exists in IBM Netezza Performance Server Replication Services are addressed in 3.0.5.0. Vulnerability Details: CVEID: CVE-2023-44981. DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled ...