9 matches found
lemur trust management vulnerability
Lemur is an open-source TLS certificate management tool developed by Netflix, Inc. Versions of Lemur prior to 1.9.0 contained a vulnerability related to trust management. This vulnerability stemmed from unconditional disabling of TLS certificate verification when LDAP TLS was enabled, which could...
dify security vulnerability
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.9.0 contained security vulnerabilities. These vulnerabilities were caused by differences in API responses, which could lead to the enumeration of registered email addresses...
OESA-2026-1277 runc security update
runc is a CLI tool for spawning and running containers according to the OCI specification. Security Fixes: A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in...
Linux Distros Unpatched Vulnerability : CVE-2017-20189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server...
PT-2024-40915 · Unknown · Xmp Toolkit
Name of the Vulnerable Software and Affected Versions: xmp toolkit versions prior to 1.9.0 Description: The issue arises when C++ exceptions are raised within the XmpFile::close function, leading to undefined behavior, typically a process abort. This can be triggered by a race condition causing...
CVE-2017-20189
In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects...
PT-2023-12671 · Intel · Intel Qat Drivers
Name of the Vulnerable Software and Affected Versions: Intel QAT Driver for Windows versions prior to 1.9.0-0008 Description: The issue is related to an out-of-bounds write in the software, which may allow an authenticated user to potentially enable escalation of privilege via local access...
jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces
A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability ...
CVE-2019-18830
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'donglebridge' program used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection vulnerabilities. These vulnerabilities could lead to code...