21 matches found
Fedora 44 : editorconfig (2026-4fb6f57673)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-4fb6f57673 advisory. Update to 0.12.11: security fix for CVE-2026-40489. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
OESA-2026-2260 editorconfig security update
EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...
OESA-2026-2259 editorconfig security update
EditorConfig makes it easy to maintain the correct coding style when switching between different text editors and between different projects. The EditorConfig project maintains a file format and plugins for various text editors which allow this file format to be read and used by those editors...
OPENSUSE-SU-2026:10663-1 editorconfig-0.12.11-1.1 on GA media
These are all security issues fixed in the editorconfig-0.12.11-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-40489
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...
CVE-2026-40489
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...
CVE-2026-40489
CVE-2026-40489 affects editorconfig-core-c. Versions ≤ 0.12.10 have a stack-based buffer overflow in ec_glob() that can crash an application using libeditorconfig when given a crafted directory and .editorconfig file; this is an incomplete fix for CVE-2023-0341. The issue relates to the pcre_str ...
CVE-2026-40489
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...
CVE-2026-40489
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...
CVE-2026-40489
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...
Linux Distros Unpatched Vulnerability : CVE-2026-40489
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based...
Security update for gstreamer-plugins-rs
This update for gstreamer-plugins-rs fixes the following issues: Update to version 0.12.11 jsc#PED-13826: CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon::complete_io with proper client input bsc#1223219. Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:03629-1 Security update for gstreamer-plugins-rs
This update for gstreamer-plugins-rs fixes the following issues: Update to version 0.12.11 jsc#PED-13826: - CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon::complete_io with proper client input bsc#1223219...
CVE-2022-2024 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
PT-2023-12641 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.11 Description: The issue allows a malicious user to update a crafted config file into a repository's .git directory, in combination with crafted file deletion, to gain SSH access to the server on...
CVE-2022-2024 OS Command Injection in gogs/gogs
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11...
Gogs OS Command Injection Vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service from the GOGS team that supports creating and migrating public/private repositories, adding and removing repository collaborators, and more. An operating system command injection vulnerability exists in Gogs versions prior to...
CVE-2020-36660
CVE-2020-36660 affects paxswill EVE Ship Replacement Program 0.12.11, specifically the User Information Handler component and the file src/evesrp/views/api.py. The vulnerability enables information disclosure due to manipulation in processing that is described in public advisories; remote initiat...
CVE-2020-36660 paxswill EVE Ship Replacement Program User Information api.py information disclosure
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may ...
CVE-2020-36660 paxswill EVE Ship Replacement Program User Information api.py information disclosure
A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may ...