
3715 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-2948

Malicious code in bioql PyPI...

CVSS: 8.3 | AI score: 8 | EPSS: 0.00473 | Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-32611

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01849 | Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-54318

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01006 | Exploits: 1 | References: 5

Rockylinux
added 2025/10/03 7:56 p.m., 5 views

java-21-openjdk security update

An update is available for java-21-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime...

CVSS: 8.6 | AI score: 7.2 | EPSS: 0.01058 | Exploits: 1

RedHat Linux
added 2025/10/01 5:36 p.m., 3 views

cups: Authentication Bypass in CUPS Authorization Handling

A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize...

CVSS: 8 | AI score: 7.1 | EPSS: 0.00964 | Exploits: 1 | References: 5

NVD
added 2025/09/29 10:15 p.m., 4 views

CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

CVSS: 2.1 | EPSS: 0.00371 | Exploits: 0 | References: 3

OSV
added 2025/09/23 2:56 p.m., 5 views

CLSA-2025-1758289909 Fix CVE(s): CVE-2025-1735, CVE-2025-1736

SECURITY UPDATE: Inadequate validation in pgsql and pdopgsql functions - debian/patches/CVE-2025-1735.patch: add error checks for escape function in pgsql and pdopgsql extensions to prevent potential security issues - CVE-2025-1735 SECURITY UPDATE: Insufficient HTTP header validation -...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00953 | Exploits: 0 | References: 1

CVE
added 2025/09/18 6:10 a.m., 35 views

CVE-2023-49564

CVE-2023-49564: The CBIS/NCS Manager API is vulnerable to an authentication bypass. A specially crafted HTTP header from an unauthenticated user can access restricted API functions. Root cause is a weak verification mechanism in the authentication implementation within the Nginx Podman container...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00415 | Exploits: 0 | References: 1

OSV
added 2025/09/16 4:34 p.m., 5 views

MGASA-2025-0233 Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better Glyph drawing. CVE-2025-30749 Enhance TLS protocol support. CVE-2025-30754 Improve scripting supports. CVE-2025-30761 Improve HTTP client header handling. CVE-2025-50059 Better Glyph drawing redux. CVE-2025-50106...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.01058 | Exploits: 1 | References: 6

Mageia
added 2025/09/16 4:34 p.m., 6 views

Updated java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk & java-latest-openjdk packages fix security vulnerabilities

Better Glyph drawing. CVE-2025-30749 Enhance TLS protocol support. CVE-2025-30754 Improve scripting supports. CVE-2025-30761 Improve HTTP client header handling. CVE-2025-50059 Better Glyph drawing redux. CVE-2025-50106...

CVSS: 8.6 | AI score: 6.7 | EPSS: 0.01058 | Exploits: 1 | References: 5

Vulnrichment
added 2025/09/15 10:32 p.m., 1 view

CVE-2025-10485 pojoin h3blog HTTP Header login ppt_log cross site scripting

A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function ppt_log of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. The attack may be...

CVSS: 5.3 | AI score: 5.1 | EPSS: 0.00404 | Exploits: 0 | References: 4

CVE
added 2025/09/14 5:32 a.m., 20 views

CVE-2025-10392

The CVE-2025-10392 entry concerns Mercury KM08-708H GiGA WiFi Wave2 1.1.14. Affects the HTTP Header Handler component, where manipulating the Host argument causes a stack-based buffer overflow. The vulnerability is exploitable remotely, with exploit code publicly available. Documents indicate a C...

CVSS: 10 | AI score: 9.3 | EPSS: 0.00673 | Exploits: 0 | References: 4

SUSE Linux
added 2025/09/12 12:19 p.m., 2 views

Security update for python-h2

This update for python-h2 fixes the following issues: CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers bsc1248737 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

CVSS: 6.9 | AI score: 6.7 | EPSS: 0.0161 | Exploits: 0 | References: 4

AlmaLinux
added 2025/09/11 12:0 a.m., 4 views

Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02286 | Exploits: 5 | References: 18

IBM Security Bulletins
added 2025/09/10 5:35 p.m., 16 views

Security Bulletin: Multiple vulnerabilities found in IBM Security Verify Information Queue

Summary: Multiple security vulnerabilities in the third-party libraries have been addressed in IBM Security Verify Information Queue (ISIQ). Vulnerability Details: CVEID: CVE-2023-40167. DESCRIPTION: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.04368 | Exploits: 5 | Affected Software: 1

OSV
added 2025/09/04 8:2 p.m., 7 views

CLSA-2025-1757016160 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/httpfopenwrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CVSS: 9.8 | AI score: 6 | EPSS: 0.0079 | Exploits: 1 | References: 1

OSV
added 2025/09/04 7:37 p.m., 3 views

CLSA-2025-1757014652 Fix CVE(s): CVE-2025-1217, CVE-2025-1734, CVE-2025-1736, CVE-2025-1861

SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/httpfopenwrapper.c - CVE-2025-1217 SECURITY UPDATE: insufficient HTTP header validation -...

CVSS: 9.8 | AI score: 6 | EPSS: 0.0079 | Exploits: 1 | References: 1

RedhatCVE
added 2025/09/03 1:4 a.m., 2 views

CVE-2025-40927

An HTTP response splitting flaw was found in the CGI::Simple Perl module. This flaw in CGI::Simple allows HTTP response header injection, which can be used for a reflected cross-site scripting (XSS) attack or an open redirect under certain conditions. Although some validation exists, it can be...

CVSS: 7.3 | AI score: 5.6 | EPSS: 0.00431 | Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-5740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.03657 | Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40927

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw. This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that...

CVSS: 7.3 | AI score: 7.1 | EPSS: 0.02045 | Exploits: 0 | References: 3