29 matches found
CVE-2026-7168 affecting package curl for versions less than 8.11.1-7
CVE-2026-7168 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...
CVE-2026-4873 affecting package curl for versions less than 8.11.1-7
CVE-2026-4873 affecting package curl for versions less than 8.11.1-7. A patched version of the package is available...
[SECURITY] Fedora 42 Update: curl-8.11.1-8.fc42
curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...
CVE-2026-3784 affecting package curl for versions less than 8.11.1-6
CVE-2026-3784 affecting package curl for versions less than 8.11.1-6. A patched version of the package is available...
CVE-2025-10148 affecting package curl for versions less than 8.11.1-4
CVE-2025-10148 affecting package curl for versions less than 8.11.1-4. A patched version of the package is available...
CVE-2025-0665
libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve...
curl Security Vulnerability
curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.10.5 through 8.11.1 that stems from incorrectly closing the same eventfd file descriptor twice when closing the connection channel after completing threaded name resolutio...
GHSA-PW39-F3M5-CXFC Elasticsearch Uncaught Exception leading to crash
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
PT-2024-2502 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 8.4.0 through 8.11.0. Description: The issue is related to an error in handling exceptions in the Elasticsearch search system's API implementation. It can be exploited by a remote attacker using a specially crafted PDF...
Elasticsearch Security Vulnerability
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch versions 8.4.0 up to, but not including, 8.11.1, which stems from an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor via the REST API...
VulnCheck KEV: CVE-2024-22319
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145...
Security Bulletin: Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl is vulnerable to CVE-2023-44271 used in IBM Maximo Application Suite - Edge Data Collector
Summary IBM Maximo Application Suite - Edge Data Collector uses Pillow-9.3.0-cp37-cp37m-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2023-44271 Vulnerability Details CVEID:CVE-2023-44271 DESCRIPTION: Pillow is vulnerable to a denial of service, caused by a flaw with uncontrollably allocates...
Code injection
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
Elastic Kibana Log Information Disclosure Vulnerability
Elastic Kibana is an application from the Dutch company Elastic: a free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A log message disclosure vulnerability exists in Elastic Kibana versions 7.13.0 through 7.17.16 and 8.0...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2023-34042 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security, which is vulnerable to CVE-2023-34042. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-34042 DESCRIPTION: VMware Tanzu Spring Security could...
SUSE CVE-2023-46671
An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Elastic has released Kibana 8.11.1 which resolves this issue. The error message recorded in the log may contain account credentials for the kibana_system user, API Keys, and...
Vulnerabilities fixed in Elastic Kibana and Logstash
Elastic has fixed vulnerabilities in Kibana and Logstash. The vulnerability with reference CVE-2023-46671 is located in Kibana and allows an authenticated malicious party to obtain sensitive data from the log, such as API keys, user credentials and system credentials. The vulnerability with...
Vulnerability fixed in VMware vRealize
VMware has fixed a vulnerability in vRealize Orchestrator and vRealize Automation. A malicious person with access to the Orchestrator could exploit the vulnerability for an XML External Entity (XXE) attack, potentially gaining access to sensitive data or granting themselves elevated privileges in the...
Vulnerability fixed in Apache Solr for Windows
Apache has fixed vulnerabilities in Solr for Windows. The vulnerability allows a malicious party to access sensitive data, impersonate another user or potentially execute arbitrary code. Apache has released updates to fix the vulnerability in Solr 8.11.1. For more information, see:...
Atlassian JIRA 8.11.1 - User Enumeration Exploit
Title: Atlassian JIRA 8.11.1 - User Enumeration Author: Dolev Farhi Vulnerable versions: version ' print'e.g. python3 script.py https://jiratarget.com usernames.txt' sys.exit if lensys.argv 3: help server = sys.argv1 usernames = sys.argv2 randomuser = '0x00001' try: os.path.existsusernames except...