325 matches found
CVE-2025-59354 Dragonfly has weak integrity checks for downloaded files
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...
GHSA-98X5-JW98-6C97 Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
Impact: The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthToken(ctx context.Context, header http.Header) (string, error) skipped client := &http.Client...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...
Improper Authentication
Overview: Affected versions of this package are vulnerable to Improper Authentication via the getAuthToken function. An attacker can cause denial of service and compromise file integrity by performing a network-level man-in-the-middle attack that provides invalid data to the process. Remediation...
CVE-2025-59347 Dragonfly Manager makes requests to external endpoints with disabled TLS authentication
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...
Dragonfly's manager makes requests to external endpoints with disabled TLS authentication
The Manager disables TLS certificate verification in two HTTP clients (figures 3.1 and 3.2). The clients are not configurable, so users have no way to re-enable the verification. golang func getAuthToken(ctx context.Context, header http.Header) (string, error) skipped client := &http.Client{ Timeout:...
About the security content of tvOS 26
About the security content of tvOS 26 This document describes the security content of tvOS 26. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent...
About the security content of iOS 26 and iPadOS 26
About the security content of iOS 26 and iPadOS 26 This document describes the security content of iOS 26 and iPadOS 26. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
About the security content of visionOS 26
About the security content of visionOS 26 This document describes the security content of visionOS 26. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
RLSA-2025:14573 Important: aide security update
Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fixes: aide: improper output neutralization enables bypassing (CVE-2025-54389). For more details abou...
aide security update
An update is available for aide. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Advanced Intrusion Detection Environment (AIDE) is a utility that creates a databa...
Important: Red Hat Security Advisory: aide security update
An update for aide is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: aide security update
An update for aide is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as havi...
Important: Red Hat Security Advisory: aide security update
An update for aide is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
Important: Red Hat Security Advisory: aide security update
An update for aide is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS)...
Linux Distros Unpatched Vulnerability : CVE-2023-6051
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16....
Important: Red Hat Security Advisory: aide security update
An update for aide is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 10 : aide (RHSA-2025:14592)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:14592 advisory. Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure fi...
Introducing the Qualys App Picker: Easier, Faster Navigation for All Your Security Applications
Navigating your cybersecurity platform should be easy. That is why we have reimagined the way users access Qualys applications with the brand-new Qualys App Picker, a streamlined, intuitive navigation panel designed to make access faster, easier, and smarter in the Qualys Enterprise TruRisk...