11241 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-38473
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially...
Malicious code in xslasa20-poly1305-encoding (npm)
The package xslasa20-poly1305-encoding was found to contain malicious code...
MAL-2025-39996 Malicious code in xslasa20-poly1305-encoding (npm)
The package xslasa20-poly1305-encoding was found to contain malicious code...
CVE-2025-54409
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...
SUSE-SU-2025:20596-1 Security update for libssh
This update for libssh fixes the following issues: - CVE-2025-5372: sshkdf returns a success code on certain failures bsc1245314 - CVE-2025-5987: Invalid return code for chacha20 poly1305 with OpenSSL backend bsc1245317 - CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions...
USN-7696-1 libssh vulnerabilities
Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...
CVE-2025-8661
A stored Cross-Site Scripting vulnerability XSS occurs when the server does not properly validate or encode the data entered by the user...
SUSE SLES12 Security Update : libssh (SUSE-SU-2025:02755-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02755-1 advisory. - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions bsc1245309. - CVE-2025-4878: Fixed use of uninitialized...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by submitting specially crafted ASN.1 Object Identifiers, potentially leading to service disruption...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-debug-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ASN1ObjectIdentifier. An attacker can cause excessive resource consumption by...
ROS-20250812-08
Apache HTTP Server vulnerability is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack Vulnerability in the modules/proxy/modproxy.c component of the Apache HTTP Server web server is related t...
SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2025:01786-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01786-2 advisory. Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validatio...
SUSE SLES15 Security Update : postgresql16 (SUSE-SU-2025:01782-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:01782-2 advisory. Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation...
Linux Distros Unpatched Vulnerability : CVE-2025-7345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw exists in gdkpixbuf within the gdkpixbufjpegimageloadincrement function io-jpeg.c and in glib's gbase64encodestep glib/gbase64.c. When processing...
Linux Distros Unpatched Vulnerability : CVE-2024-2608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an...
CLSA-2025-1754941200 openssh: Fix of 3 CVEs
CVE-2018-20685: fix a vulnerability scp client where a malicious server could bypass intended access restrictions and modify target directory permissions via crafted filenames - CVE-2019-6109: fix scp client where a malicious server could manipulate the client's progress display output due to...
BIT-LIBPHP-2020-7060 global buffer-overflow in mbfl_filt_conv_big5_wchar
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbflfiltconvbig5wchar to read past the allocated buffer. This may lead to information disclosur...
Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Patch Instructions: To install this SUSE update use the SUSE recommended...
SUSE-SU-2025:01786-2 Security update for postgresql14
This update for postgresql14 fixes the following issues: Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931...
SUSE-SU-2025:01782-2 Security update for postgresql16
This update for postgresql16 fixes the following issues: Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation bsc1242931 Changelog: https://www.postgresql.org/docs/release/16.9/...