10314 matches found
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2026-21945)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a hang or repeatable crash of...
[SECURITY] [DLA 4568-1] lcms2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4568-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb May 06, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
USN-8248-1 nasm vulnerabilities
Daisy Chen discovered that NASM was vulnerable to a heap buffer overflow when handling certain input. An attacker could possibly use this issue to cause NASM to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2023-31722 It was discovered that NASM incorrectly...
Debian dla-4567 : lrzip - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4567 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4567-1 [email protected] https://www.debian.org/lts/security/...
Magento LTS: Reflected XSS - Import -> Data Flow (profiles)
A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...
USN-8239-1: Apache HTTP Server vulnerabilities
Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitra...
[SECURITY] [DLA 4566-1] openjdk-11 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4566-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 06, 2026 https://wiki.debian.org/LTS -...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mako vulnerability (USN-8234-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8234-1 advisory. It was discovered that Mako incorrectly handled URIs with double-slash prefixes in...
Open Redirect
Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Open Redirect via the stockAction process. An attacker can redirect authenticated users to arbitrary external websites by supplying a craft...
GHSA-2CWR-GCF9-PVXR Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview openmage/magento-lts is a This repository is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG in the start function. An attacker can gain unauthorized access to active...
Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
Affected Version: OpenMage LTS ≤ 20.16.0 confirmed on 20.16.0 Affected File: https://github.com/OpenMage/magento-lts/blob/main/app/code/core/Mage/Api/Model/Session.php – start method Summary The XML-RPC / SOAP API session ID is generated using an outdated, time-based construction rather than a...
[SECURITY] [DLA 4563-1] libarchive security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4563-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout May 05, 2026 https://wiki.debian.org/LTS -...
Debian dla-4563 : libarchive-dev - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4563 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4563-1 [email protected]...
Debian dla-4562 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4562 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4562-1 [email protected]...
Debian dla-4561 : linux-config-6.1 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4561 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4561-1 [email protected]...
[SECURITY] [DLA 4558-1] libexif security update
Debian LTS Advisory DLA-4558-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 01, 2026 https://wiki.debian.org/LTS Package : libexif Version : 0.6.22-3+deb11u1 CVE ID : CVE-2026-32775 CVE-2026-40385 CVE-2026-40386 Debian Bug : 1131116 1133922 1133923 Three...
Debian dla-4555 : firefox-esr - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4555 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4555-1 [email protected]...
Ubuntu 24.04 LTS : wheel vulnerability (USN-8221-1)
The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8221-1 advisory. It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : UltraJSON vulnerabilities (USN-8219-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8219-1 advisory. Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An...