UBUNTU-CVE-2025-58068
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to bypass front-end security controls, launch targeted...
Linux Distros Unpatched Vulnerability : CVE-2018-1002105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver...
Linux Distros Unpatched Vulnerability : CVE-2022-23039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux PV device frontends vulnerable to attacks by backends This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilitie...
Linux Distros Unpatched Vulnerability : CVE-2020-16093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because th...
Linux Distros Unpatched Vulnerability : CVE-2023-34095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends CPDB project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable t...
NewStart CGSL MAIN 7.02 : sane-backends Vulnerability (NS-SA-2025-0135)
The remote NewStart CGSL host, running version MAIN 7.02, has sane-backends packages installed that are affected by a vulnerability: - An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach function. NOTE: this is disputed because...
CVE-2025-53642 haxcms-nodejs and haxcms-php Improperly Terminate Sessions
haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6...
AZL-65175 CVE-2025-49630 affecting package httpd for versions less than 2.4.64-1
In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untrusted clients causing an assertion in mod_proxy_http2. Configurations affected are a reverse proxy is configured for an HTTP/2 backend, with...
UBUNTU-CVE-2022-50049
In the Linux kernel, the following vulnerability has been resolved: ASoC: DPCM: Don't pick up BE without substream When DPCM tries to add valid BE connections at dpcm_add_paths, it doesn't check whether the picked BE actually supports for the given stream direction. Due to that, when an asymmetric ...
CVE-2023-28623
Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside of ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py...
CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
CVE-2019-7319
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges...
Alibaba Cloud Linux 3 : 0091: sane-backends (ALINUX3-SA-2021:0091)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-12861: A heap buffer overflow in...
USN-7506-2 linux-aws vulnerabilities
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in...
Linux Distros Unpatched Vulnerability : CVE-2021-28712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which...
Linux Distros Unpatched Vulnerability : CVE-2020-12866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of...
Linux Distros Unpatched Vulnerability : CVE-2021-28713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which...
Linux Distros Unpatched Vulnerability : CVE-2020-12862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important informatio...
GHSA-J7JW-28JM-WHR6 lakeFS allows an authenticated user to cause a crash by exhausting server memory
Impact: An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches: This problem has been patched and exists in versions 1.49.1 and below. Workarounds: On S3 backends, configure yaml ... blockstore: s3: disable_pre_signed_multipart: true...
lakeFS allows an authenticated user to cause a crash by exhausting server memory
Impact: An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches: This problem has been patched and exists in versions 1.49.1 and below. Workarounds: On S3 backends, configure yaml ... blockstore: s3: disable_pre_signed_multipart: true...