54 matches found
[SECURITY] Fedora 44 Update: pacemaker-3.0.2-3.fc44
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
[SECURITY] Fedora 43 Update: pacemaker-3.0.2-3.fc43
Pacemaker is an advanced, scalable High-Availability cluster resource manager. It supports more than 16 node clusters with significant capabilities for managing resources and dependencies. It will run scripts at initialization, when machines go up or down, when related resources fail and can be...
EUVD-2026-36039
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints POST /api/service/haproxy//section/ and the PUT / global / defaults variants accept a JSON option field that is not validated, not escaped, and ...
Microsoft PC Manager 权限许可和访问控制问题漏洞
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. However, Microsoft PC Manager has an access control vulnerability. Attackers c...
Microsoft PC Manager 后置链接漏洞
Microsoft PC Manager is a computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. Microsoft PC Manager has a post-release link vulnerability. Attackers can...
CVE-2026-34457
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an authrequest-style integration such as nginx authrequest and either...
Authentication Bypass
github.com/oauth2-proxy/oauth2-proxy is vulnerable to an authentication bypass. The vulnerability is due to improper handling of health check User-Agent values in authrequest-style integrations when --ping-user-agent or --gcp-healthchecks is enabled, which allows an unauthenticated remote attacke...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the isHealthCheckRequest function in pkg/middleware/healthcheck.go. An attacker can reach protected endpoints by sending a request with a configured health-check User-Agent, causing the middleware to treat the...
GHSA-5HVV-M4W4-GF6V OAuth2 Proxy's Health Check User-Agent Matching Bypasses Authentication in auth_request Mode
Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: - OAuth2 Proxy is used with an authrequest-style integration for example, nginx authrequest - --ping-user-agent is set or --gcp-healthchecks is enabled In...
PT-2026-32955
Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass exists in deployments using auth request-style integration, such as nginx auth request. The issue occurs when either the --ping-user-agent variab...
CVE-2026-4989
Improper input validation in the gateway health check feature in Devolutions Server allows a low-privileged authenticated user to perform server-side request forgery SSRF, potentially leading to information disclosure, via a crafted API request. This issue affects Server: from 2026.1.1 through...
389-ds:1.4 security update
1.4.3.39-23 - Resolves: RHEL-137074 - CVE-2025-14905 389-ds:1.4/389-ds-base: 389-ds-base: Remote Code Execution and Denial of Service via heap buffer overflow rhel-8.10.z - Resolves: RHEL-152098 - Scalability issue of replication online initialization with large database rhel-8.10.z 1.4.3.39-22 -...
AWS VDP: Health check errors silently dropped when channel buffer full
Component: pkg/plugin/plugin.go:153-156, pkg/plugin/pluginv2.go:156-158 Affected Version: aws-encryption-provider @ 4341c70 all versions Found by: Source audit TLP: TLP:Amber --- Summary When KMS operations fail, the error is sent to a buffered channel healthCheckErrc, size 100 via a non-blocking...
io.quarkus/quarkus-rest: Quarkus REST Worker Thread Exhaustion Vulnerability
A flaw was found in the Quarkus REST HTTP layer. This vulnerability allows remote attackers to cause an application level denial of service by repeatedly dropping client connections while response chunks are being transmitted, leading to worker thread exhaustion...
GHSA-5RFX-CP42-P624 Quarkus REST has potential worker thread starvation when HTTP connection is closed while waiting to write
A vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits for previously written response chunks to be fully transmitted before proceeding. If the client connection is dropped during this waiting period, the...
httpd security update
2.4.62-7.0.1.3 - Replace index.html with Oracle's index page oracleindex.html. 2.4.62-7.3 - Resolves: RHEL-135063 - httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInfo CVE-2025-66200 - Resolves: RHEL-135048 - httpd: Apache HTTP Server: CGI environment variable override...
EUVD-2014-3524
Malware in sbrugna...
EUVD-2023-1057
Malicious code in bioql PyPI...
EUVD-2024-1206
Malicious code in bioql PyPI...
EUVD-2023-12373
Malicious code in bioql PyPI...