
554 matches found

OSV
added 2022/05/13 1:13 a.m., 17 views

GHSA-45CH-HXGR-VX8J phpCAS client library and Moodle Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

CVSS 4.3, AI score 5.2, EPSS 0.00273
Exploits: 0, References: 8
vulnersOsv
added 2022/05/13 1:5 a.m., 2 views

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +294 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.4)

org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.1.7, =1.1.9, =1.2.5, =1.2.6 - com.fluxcorp.plugins:webservice-trigger =1.0.4 - com.googlecode.xades4j:xades4j =1.3.1 - com.sitewhere:sitewhere-core =0.9.7 - com.sitewhere:sitewhere-gnuhealth =0.9.7 - com.sitewhere:sitewhere-hbase =0.9.7 -...

CVSS 4.3, AI score 7.1, EPSS 0.03643
Exploits: 1
Rockylinux
added 2022/05/10 6:36 a.m., 22 views

libpq security update

An update is available for libpq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libpq package provides the PostgreSQL client library, which allows client...

CVSS 5.9, AI score 6.9, EPSS 0.00281
Exploits: 0
OSV
added 2022/05/10 6:36 a.m., 20 views

ALSA-2022:1891 Low: libpq security update

The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes: postgresql: libpq processes unencrypted bytes from man-in-the-middle (CVE-2021-23222). For more details about the security issues, including the impact, a CVSS...

CVSS 5.9, AI score 7.2, EPSS 0.00281
Exploits: 0, References: 2
Tenable Nessus
added 2022/05/06 12:0 a.m., 44 views

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-1650)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into...

CVSS 7.5, AI score 7.2, EPSS 0.01214
Exploits: 1, References: 3
Redos
added 2022/04/07 12:0 a.m., 78 views

ROS-20220407-03

A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP (File Transfer Protocol) library when it is used in PASV (passive) mode. Exploitation of the vulnerability could allow...

CVSS 7.5, AI score 6.7, EPSS 0.01214
Exploits: 1
Fedora
added 2022/02/19 1:32 a.m., 20 views

[SECURITY] Fedora 35 Update: libnbd-1.10.5-1.fc35

NBD - Network Block Device - is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

CVSS 4.8, AI score 5.5, EPSS 0.00091
Exploits: 1
OpenVAS
added 2022/02/19 12:0 a.m., 24 views

Fedora: Security Advisory for libnbd (FEDORA-2022-2fa5931425)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 4.8, AI score 5.4, EPSS 0.00091
Exploits: 1, References: 2
BDU FSTEC
added 2022/02/16 12:0 a.m., 1 views

The vulnerability of the client library’s HTTP httplib2 module, related to uncontrolled resource consumption, allows attackers to cause service interruptions.

The vulnerability of the client library’s HTTP httplib2 module is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 7.8, AI score 7.2, EPSS 0.01985
Exploits: 1, References: 10, Affected Software: 3
OSV
added 2022/02/15 4:15 p.m., 2 views

AZL-43738 CVE-2022-21698 affecting package buildah 1.18.0-29

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.00376
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 2 views

AZL-34541 CVE-2022-21698 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.2-2

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.00376
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 1 views

AZL-34835 CVE-2022-21698 affecting package keda for versions less than 2.14.0-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.00376
Exploits: 0, References: 1
OSV
added 2022/01/11 9:15 p.m., 0 views

CVE-2022-21850

Remote Desktop Client Remote Code Execution Vulnerability...

CVSS 8.8, AI score 7.4, EPSS 0.09979
Exploits: 0, References: 2
OSV
added 2022/01/11 9:15 p.m., 0 views

CVE-2022-21851

Remote Desktop Client Remote Code Execution Vulnerability...

CVSS 8.8, AI score 7.4, EPSS 0.09979
Exploits: 0, References: 2
RedHat Linux
added 2021/12/16 6:22 p.m., 1 views

postgresql: libpq processes unencrypted bytes from man-in-the-middle

A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...

CVSS 5.9, AI score 7.3, EPSS 0.00281
Exploits: 0, References: 4
CNNVD
added 2021/11/11 12:0 a.m., 2 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system organized by Postgresql. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL due to the way the libpq proces...

CVSS 5.9, AI score 7.1, EPSS 0.00281
Exploits: 0, References: 32
Rockylinux
added 2021/11/09 9:1 a.m., 25 views

libX11 security update

An update is available for libX11. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libX11 packages contain the core X11 protocol client library. Security...

CVSS 9.8, AI score 9.1, EPSS 0.05481
Exploits: 2
OSV
added 2021/11/09 9:1 a.m., 40 views

RLSA-2021:4326 Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: missing request length checks (CVE-2021-31535). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in t...

CVSS 8.1, AI score 7.5, EPSS 0.05481
Exploits: 2, References: 2
AlmaLinux
added 2021/11/09 9:1 a.m., 46 views

Moderate: libX11 security update

The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: missing request length checks (CVE-2021-31535). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in t...

CVSS 9.8, AI score 9.2, EPSS 0.05481
Exploits: 2, References: 2
OSV
added 2021/11/03 12:15 a.m., 1 views

UBUNTU-CVE-2021-41036

In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client does not check rem_len size in readpacket...

CVSS 9.8, AI score 5.8, EPSS 0.00363
Exploits: 0, References: 3