81 matches found
EUVD-2022-1649
Malicious code in bioql PyPI...
Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial of Service attack due to CyberNeko HTML Parser
Summary: CyberNeko HTML is used by IBM Operations Analytics - Log Analysis as document ingestion in Logstash (CVE-2022-29546, CVE-2022-24839, CVE-2022-28366). Vulnerability Details: CVEID: CVE-2022-29546. DESCRIPTION: HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of...
Fedora: Security Advisory (FEDORA-2025-f1ea97edd8)
The remote host is missing an update for the...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
Alibaba Cloud Linux 3 : 0060: go-toolset:rhel8 (ALINUX3-SA-2021:0060)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0060 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-14809: net/url in Go before 1.11....
Mageia: Security Advisory (MGASA-2025-0106)
The remote host is missing an update for the...
Advisory ROSA-SA-2025-2633
software: mosquitto 2.0.15 WASP: ROSA-CHROME packageevrstring: mosquitto-2.0.15 CVE-ID: CVE-2023-0809 BDU-ID: 2024-04210 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the CONNECT component of the Eclipse Mosquitto message broker is related to memory allocation based on an unreliable value of lar...
CVE-2020-28366 affecting package python-tensorboard for versions less than 2.16.2-1
CVE-2020-28366 affecting package python-tensorboard for versions less than 2.16.2-1. An upgraded version of the package is available that resolves this issue...
RHEL 8 : Red Hat Satellite 6 (RHSA-2024:1061)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1061 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
RHEL 8 : Satellite 6.14.2 Async Security Update (Important) (RHSA-2024:0797)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0797 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server
This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...
Moderate: Red Hat Security Advisory: Red Hat Satellite 6 security and bug fix update
An update is now available for Red Hat Satellite 6.13 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: Satellite 6.14.2 Async Security Update
Updated Satellite 6.14 packages that fix Important security bugs and several regular bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet...
Atlassian Jira Service Management Data Center and Server 4.20 < 4.20.28 / 5.4.x < 5.4.12 / 5.5.x < 5.11.3 / 5.12.0 (JSDSERVER-14921)
The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14921 advisory. - Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI)...
GLSA-202401-09 : Eclipse Mosquitto: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-09 Eclipse Mosquitto: Multiple Vulnerabilities - In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. CVE-2023-0809 - In Mosquitto before 2.0.16, a memor...
Atlassian Confluence 7.13.x / 8.1.x / 8.2.x / 8.3.x / 8.6.0 < 8.6.1 (CONFSERVER-93169)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93169 advisory. - Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory...
Ubuntu: Security Advisory (USN-6492-1)
The remote host is missing an update for the...
Debian DSA-5511-1 : mosquitto - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5511 advisory. Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack...
[SECURITY] [DSA 5511-1] mosquitto security update
Debian Security Advisory DSA-5511-1 [email protected] https://www.debian.org/security/ Markus Koschany October 01, 2023 https://www.debian.org/security/faq -...
OESA-2023-1658 mosquitto security update
Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...