52 matches found

CNNVD
added 2026/05/13 12:0 a.m., 7 views

curl security vulnerability

curl is an open-source tool developed by cURL, used for transferring data from or to a server. Curl has a security vulnerability, which stems from a logic error in connection reuse. This error may cause TLS-enabled connections to incorrectly reuse existing unencrypted connections, resulting in da...

CVSS 5.9 | AI score 5.8 | EPSS 0.00014
Exploits 1 | References 1

RedHat Linux
added 2026/04/01 10:57 p.m., 1 views

Moderate: Red Hat Security Advisory: nginx:1.24 security update

An update for the nginx:1.24 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.2 | AI score 6.1 | EPSS 0.0002
Exploits 0 | References 2

Tenable Nessus
added 2026/03/24 12:0 a.m., 4 views

RHEL 8 : nginx:1.24 (RHSA-2026:5581)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:5581 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...

CVSS 8.2 | AI score 6.1 | EPSS 0.0002
Exploits 0 | References 5

Tenable Nessus
added 2026/03/17 12:0 a.m., 3 views

Oracle Linux 10 : nginx (ELSA-2026-4705)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-4705 advisory. 2:1.26.3-2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-2 - CVE-2026-1642 nginx: NGINX: Data injection via man-in-the-middle atta...

CVSS 8.2 | AI score 6.1 | EPSS 0.0002
Exploits 0 | References 2

OSV
added 2026/03/05 10:53 p.m., 3 views

USN-8076-1 qtbase-opensource-src vulnerabilities

It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. CVE-2020-13962 It was discovered that Qt incorrectly handled certain XBM image files. If a user or...

CVSS 9.8 | AI score 7 | EPSS 0.07128
Exploits 1 | References 6

AlmaLinux
added 2026/03/03 12:0 a.m., 7 views

Moderate: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 For more details about the security issues,...

CVSS 8.2 | AI score 5.9 | EPSS 0.0002
Exploits 0 | References 4

OSV
added 2026/01/26 2:47 p.m., 4 views

BIT-NODE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

CVSS 7.5 | AI score 5.9 | EPSS 0.00098
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-24854

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.7 | EPSS 0.00208
Exploits 0 | References 1

Tenable Nessus
added 2025/09/03 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-8318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.6.34 and...

CVSS 6.8 | AI score 6.1 | EPSS 0.00214
Exploits 0 | References 2

OSV
added 2025/05/07 4:15 p.m., 3 views

AZL-61729 CVE-2024-47619 affecting package syslog-ng for versions less than 4.3.1-3

syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match() matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c.bar which glib matches but should be avoided / invalidated. This issue could have an...

CVSS 7.5 | AI score 5.8 | EPSS 0.00507
Exploits 1 | References 1

Metasploit
added 2025/05/01 6:50 p.m., 465 views

LDAP Password Disclosure

This module will gather passwords and password hashes from a target LDAP server via multiple techniques including Windows LAPS. For best results, run with SSL because some attributes are only readable over encrypted connections. Module Options msf use auxiliary/gather/ldappasswords msf...

AI score 5.9
Exploits 0

Veracode
added 2024/03/11 6:25 p.m., 6 views

Session Replay Attack

libosdp is vulnerable to a Session Replay Attack. The vulnerability is due to the lack of validation for RMAC_I messages in response to osdp_SCRYPT, and the allowance of SCS_14 on encrypted connections. Attackers with man-in-the-middle access can intercept RMAC_I replies during a session and replay...

AI score 7.2
Exploits 0

RedHat Linux
added 2024/01/10 6:38 p.m., 4 views

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to stea...

CVSS 8.7 | AI score 5.8 | EPSS 0.00864
Exploits 0 | References 5

OSV
added 2023/12/22 11:6 a.m., 2 views

OESA-2023-1948 bluez security update

This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A. Security Fixes: Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and...

CVSS 6.3 | AI score 7.2 | EPSS 0.35977
Exploits 7 | References 2

Kitploit
added 2022/05/19 12:30 p.m., 52 views

PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...

AI score 7.3
Exploits 0 | References 1

CNNVD
added 2021/11/11 12:0 a.m., 1 views

PostgreSQL SQL injection vulnerability

PostgreSQL is a free object-relational database management system organized by Postgresql. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and more. A security vulnerability exists in PostgreSQL due to the way PostgreSQL handle...

CVSS 8.1 | AI score 7.1 | EPSS 0.00193
Exploits 0 | References 33

CNNVD
added 2021/11/11 12:0 a.m., 1 views

PostgreSQL security vulnerability

PostgreSQL is a free object-relational database management system organized by Postgresql. The system supports most of the SQL standards and provides many other features such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL due to the way the libpq proces...

CVSS 5.9 | AI score 7.1 | EPSS 0.00281
Exploits 0 | References 32

OSV
added 2021/10/06 8:15 p.m., 0 views

CVE-2021-34698

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the pro...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 1

RedHat Linux
added 2021/02/22 10:44 a.m., 66 views

Important: Red Hat Security Advisory: stunnel security update

An update for stunnel is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5 | AI score 7.1 | EPSS 0.00209
Exploits 0 | References 2

CNNVD
added 2021/02/02 12:0 a.m., 3 views

Apache Cassandra security vulnerability

Apache Cassandra is a distributed NoSQL database from the Apache Foundation. Cassandra is a hybrid non-relational database, similar to Google's BigTable. Its main features are richer than Dynamo (a distributed Key-Value storage system), but the support is not as good as a document store. MongoDB...

CVSS 7.5 | AI score 7.1 | EPSS 0.00853
Exploits 0 | References 8