53 matches found
CVE-2026-6918
In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
UBUNTU-CVE-2026-6918
In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
EUVD-2026-27315
In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP message...
[SECURITY] Fedora 42 Update: mingw-LibRaw-0.21.5-3.fc42
MinGW Windows LibRaw library...
EUVD-2014-9820
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when...
EUVD-2005-0519
Malware in sbrugna...
EUVD-2007-3287
Malware in sbrugna...
PT-2025-15598 · Unknown · M1.Downloadlist
Name of the Vulnerable Software and Affected Versions: m1.DownloadList versions 0.0 through 0.21. Description: The issue is related to the exposure of sensitive system information to an unauthorized control sphere. This is a problem where sensitive information is made available to unauthorized...
Security Bulletin: IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114
Summary: IBM Asset Data Dictionary Component uses aircompressor-0.21.jar which is vulnerable to CVE-2024-36114. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-36114. DESCRIPTION: airlift aircompressor could allow a local attacker...
CVE-2024-41124
Puncia is the Official CLI utility for Subdomain Center & Exploit Observer. API_URLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks. This issue has been addressed in release version 0.21 by...
OPENSUSE-SU-2024:11106-1 obs-service-source_validator-0.21-1.3 on GA media
These are all security issues fixed in the obs-service-source_validator-0.21-1.3 package on the GA media of openSUSE Tumbleweed...
GHSA-6G7W-8WPP-FRHJ Denial of Service Vulnerability in Rustls Library
Summary: rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input. Details: Verified at 0.22 and 0.23 rustls, but 0.21 and 0.20 release lines are also affected. tokio-rustls and rustls-ffi do not call complete_io and are not affected. rustls::Stream and...
AskAI (=0.1.0), ISP-SDK (>=0.1.0 <=0.2.3) +3832 more potentially affected by CVE-2024-32650 via rustls (>=0.12.0 <=0.21.0)
rustls CARGO version =0.12.0, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.2.0-beta.4, =0.21.0-alpha.1, =0.1.1, =0.11.0, =0.0.1, =0.0.7-alpha.3, =0.0.7-alpha.2, =0.0.7-alpha.1, =0.0.7-alpha.3, =0.11.3, =0.14.2 and more Source cves: CVE-2024-32650 Source advisory: OSV:RUSTSEC-2024-0336...
GHSA-54W6-VXFH-FW7F Http4s improperly parses User-Agent and Server headers
Impact: The User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applies to services that explicitly request these typed headers. v0.21.x (Scala): val unsafe: Option[`User-Agent`] = req.headers.get(`User-Agent`)...
PT-2020-6233 · P11 Kit +8 · P11-Kit +8
Name of the Vulnerable Software and Affected Versions: p11-kit versions 0.21.1 through 0.23.21. Description: A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through...
JDK: Information disclosure via calls to System.arraycopy() with invalid length
In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value...
Firecracker denial of service vulnerability
Firecracker is a miniature virtual machine for serverless computing. A security vulnerability exists in Firecracker versions 0.20.x prior to 0.20.1 and 0.21.x prior to 0.21.2. An attacker could exploit this vulnerability to cause a denial of service...
CVE-2020-16843
In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. This can result in a denial of service on the microVM when it is configured with a single network interface, and an availability problem for the microVM network interface on whi...
Eclipse OpenJ9 Information Disclosure Vulnerability
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse OpenJ9 versions prior to 0.21 on Power platforms. An attacker could exploit the vulnerability to obtain sensitive information...
CVE-2019-17639
CVE-2019-17639 affects Eclipse OpenJ9 on Power platforms, where calling System.arraycopy with a length longer than the source or destination can cause the current method to return prematurely with an undefined return value. The code may then use whatever is in the return register as if it matches...