@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39321 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39321 Source advisory: OSV:GHSA-MMPQ-5HCV-HF2V...

@openinc/parse-server-opendash (>=4.0.0 <=4.0.11) potentially affected by CVE-2026-39321 via parse-server (>=9.6.0-alpha.37 <=9.7.0)

parse-server NPM version =9.6.0-alpha.37, =4.0.0, =4.0.11 Source cves: CVE-2026-39321 Source advisory: SNYK:JS-PARSESERVER-15928859...

CVE-2026-39321 Parse Server has a login timing side-channel reveals user existence

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, he login endpoint response time differs measurably depending on whether the submitted username or email exists in the database. When a user is not found, the...

MiracleLinux 9 : podman-4.6.1-7.el9_3 (AXSA:2023-7058:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7058:08 advisory. golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-29409 golang: html/template: improper handling of...

EUVD-2025-39321

Malicious code in umi-gulai11-miaww npm...

MAL-2025-39321 Malicious code in windmill-yacht-ovlz (npm)

The package windmill-yacht-ovlz was found to contain malicious code...

K000152723: Golang crypto/tls vulnerabilities CVE-2023-39321 and CVE-2023-39322

Security Advisory Description CVE-2023-39321 Processing an incomplete post-handshake message for a QUIC connection can cause a panic. CVE-2023-39322 QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection...

Moderate: git-lfs security update

Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: crypto/tls: panic when processing post-handshake message on QUIC connections...

RLSA-2024:0121 Moderate: container-tools:4.0 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers CVE-2022-2879 golang: net/http/httputil: ReverseProxy should not forward unparseable query...

Linux Distros Unpatched Vulnerability : CVE-2023-39321

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Processing an incomplete post-handshake message for a QUIC connection can cause a panic. CVE-2023-39321 Note that Nessus relies on the presence of the package a...

CVE-2022-39321

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

Oracle Linux 9 : runc (ELSA-2024-9200)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-9200 advisory. - Rebuild for CVEs: CVE-2023-39321 CVE-2023-39322 CVE-2023-29409 - rebuild for following CVEs: CVE-2021-43784 CVE-2022-41724 CVE-2023-28642 - runc 1.1.5 resolve...

Oracle Linux 9 : buildah (ELSA-2024-9097)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9097 advisory. - Rebuild for CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...

CVE-2024-39321

An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options do not meet...

RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory. A highly-available key value store for shared configuration Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...

RHEL 8 : container-tools:rhel8 (RHSA-2024:2988)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2988 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: urllib3:...

RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2023:7517)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7517 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable yq package. [CVE-2023-39320, CVE-2023-39321 and CVE-2023-39322]

Summary Yq is used by IBM Cloud Pak for Data Scheduling as part of the Ansible operator used for installation of the Scheduler. This bulletin identifies the steps to take to address the below vulnerabilities. Vulnerability Details CVEID:CVE-2023-39320 DESCRIPTION: Golang Go could allow a remote...

openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:3701-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...