python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

CLSA-2026-1778769563 python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

org.eclipse.jetty.ee10/jetty-ee10: early return from the JASPIAuthenticator class without clearing ThreadLocal variables

A flaw was found in Eclipse Jetty. The JASPIAuthenticator class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly...

Astra Linux - уязвимость в binutils

An issue was discovered in elflinkinputbfd in elflink.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in elflinkinputbfd when used for finding STTTLS symbols without any TLS section. A specially crafted ELF allows...

SUSE CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

CVE-2026-5795

A flaw was found in Eclipse Jetty. The JASPIAuthenticator class is responsible for handling authentication checks. During these checks, the class sets two ThreadLocal variables to store authentication state. Under certain conditions, the authentication process can return early without properly...

CVE-2026-5795

In Eclipse Jetty, the JASPIAuthenticator initializes authentication checks that set two ThreadLocal variables. After returning from these initial checks, the code may take an early return path without clearing the ThreadLocals. A subsequent request that executes on the same thread inherits these ...

CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

MiracleLinux 4 : glibc-2.12-1.166.AXS4.7 (AXSA:2016-091:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-091:01 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make...

Apache Druid’s Kerberos authenticator uses a weak fallback secret

Apache Druid’s Kerberos authenticator uses a weak fallback secret when the druid.auth.authenticator.kerberos.cookieSignatureSecret configuration is not explicitly set. In this case, the secret is generated using ThreadLocalRandom, which is not a crypto-graphically secure random number generator...

EUVD-2020-19080

Malware in sbrugna...

EUVD-2014-9240

Malware in sbrugna...

EUVD-2014-7976

Malware in sbrugna...

CVE-2020-26535

An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation and read access violation...

OESA-2024-1810 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...

SUSE CVE-2014-8133

arch/x86/kernel/tls.c in the Thread Local Storage TLS implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a...

SUSE CVE-2014-9419

The switchto function in arch/x86/kernel/process64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage TLS descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application...

BrewStillery (>=1.0.0 <=6.0.2), Inflector (>=0.1.1 <=0.11.2) +3106 more potentially affected by unknown CVE via thread_local (>=0.2.7 <=1.0.1)

threadlocal CARGO version =0.2.7, =1.0.0, =0.1.1, =0.7.0, =0.1.0, =0.0.6, =0.1.1, =0.1.4, =0.1.0, =0.2.1, =0.2.3 - addr2line =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9HPW-R23R-XGM5...

GHSA-P9M5-3HJ7-CP5R futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Affected versions of the crate used a UnsafeCell in thread-local storage to return a noop waker reference, assuming that the reference would never be returned from another thread. This resulted in a segmentation fault crash if Waker::wakebyref was called on a waker returned from another thread du...