554 matches found
CVE-2021-25738
CVE-2021-25738: The vulnerability arises from loading specially crafted YAML via the Kubernetes Java Client library, enabling code execution. Connected documents consistently describe this YAML-loading path as the root cause and code execution outcome. The public data does not provide precise aff...
libX11 security update
CentOS Errata and Security Advisory CESA-2021:3296. An update for libX11 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
[SECURITY] Fedora 33 Update: libX11-1.7.2-3.fc33
Core X11 protocol client library...
libpq bug fix and enhancement update
An update is available for libpq. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libpq package provides the PostgreSQL client library, which allows client...
libpq bug fix and enhancement update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 13.3. BZ1966205...
ALEA-2021:2421 libpq bug fix and enhancement update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 13.3. BZ1966205...
RHEL 8 : Red Hat OpenStack Platform 16.1.6 (python-httplib2) (RHSA-2021:2116)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2116 advisory. A comprehensive HTTP client library that supports many features left out of other HTTP libraries. Security Fixes: CRLF injection via an...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.6 (python-httplib2) security update
An update for python-httplib2 is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
EulerOS Virtualization 3.0.6.6 : thrift (EulerOS-SA-2021-1457)
According to the versions of the thrift packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with...
PYSEC-2021-16
httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with a long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn) while parsing header of the httplib2 client accessing said...
CVE-2021-21240
CVE-2021-21240 affects httplib2 prior to 0.19.0. A malicious server can send a WWW-Authenticate header containing a long sequence of non-breaking spaces (\xa0), causing a Denial of Service by CPU-intensive header parsing. The root cause is in how httplib2 parses auth headers; a fix was implemente...
CVE-2020-8570
CVE-2020-8570: Kubernetes Java client libraries suffer a path traversal issue in the Copy implementation. Versions 10.0.0 and prior to 9.0.1 allow writes to paths outside the current directory when extracting multiple files from a malicious archive sent from a remote pod, potentially overwriting ...
Important: Red Hat Security Advisory: libpq security update
An update for libpq is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Security Bulletin: Critical Security Vulnerability in RDS Client library affecting Rational Synergy (CVE-2014-3089)
Summary: Clear text password in IBM Rational Directory Server (RDS) supplied Client library could allow potential hacker to gain access to RDS and access to unauthorized data used by consuming products such as Rational Synergy. Vulnerability Details | Subscribe to My Notifications to be notified of...
Heap overflow
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving...
CVE-2020-29362
An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving...
Important: libpq security update
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. The following packages have been upgraded to a later upstream version: libpq 12.5. BZ1898228, BZ1901558 Security Fixes: postgresql: Reconnection can downgrade connection securi...
Security Bulletin: a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692.
Summary This fix is a security update of the google oauth client library to version 1.31.0 for CVE-2020-7692. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM Spectrum LSF| 10.1...
A vulnerability in the Windows Application Compatibility Client Library allows an attacker to elevate privileges.
The vulnerability of the Windows Application Compatibility Client Library is related to errors in processing Windows registry operations. Exploiting this vulnerability can allow attackers to gain increased privileges...
librabbitmq security update
CentOS Errata and Security Advisory CESA-2020:3949. An update for librabbitmq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...