[SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

[SECURITY] Fedora 43 Update: gi-loadouts-0.1.10-2.fc43

This is a desktop application that allows travelers to manage their custom equipment of artifacts and weapons for playable characters and makes it convenient for travelers to calculate the associated statistics based on their equipment using the semantic understanding of how the gameplay works...

EUVD-2015-9111

Malware in sbrugna...

EUVD-2021-24224

Malware in sbrugna...

EUVD-2018-8474

Malware in sbrugna...

EUVD-2016-10265

Malware in sbrugna...

EUVD-2023-50863

Malicious code in bioql PyPI...

EUVD-2023-34620

Malicious code in bioql PyPI...

EUVD-2022-5987

Malicious code in bioql PyPI...

vuls

This is an open-source vulnerability scanner for Linux and FreeBSD, written in Go. It is an agentless scanner, meaning it does not require any additional software to be installed on the target systems. The scanner is designed to be easy to use and provides a simple command-line interface. The...

[SECURITY] Fedora 42 Update: qt6-qtlottie-6.9.1-1.fc42

Qt Lottie Animation provides a QML API for rendering graphics and animations that are exported in JSON format by the Bodymovin plugin for Adobe After Effects...

CVE-2021-37743

app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format...

CVE-2021-34083

Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially...

CVE-2020-8497

In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps...

CVE-2019-13523

In Honeywell Performance IP Cameras and Performance NVRs, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data in JSON format for IP cameras and NVRs Network Video Recorders, which can be accessed without authentication over the network...

GHSA-MF24-CHXH-HMVJ Envoy Gateway Log Injection Vulnerability

Impact In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to th...

Envoy Gateway Log Injection Vulnerability

Impact In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the attacker uses a specially crafted user-agent which performs json injection, then he could add and overwrite fields to th...

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

Structured logging in Spring Boot 3.4

Logging is a long established part of troubleshooting applications and one of the three pillars of observability, next to metrics and traces. No one likes flying blind in production, and when incidents happen, developers are happy to have log files. Logs are often written out in a human-readable...

BIT-LOGSTASH-2023-46672 Logstash Insertion of Sensitive Information into Log File

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...