485 matches found
GHSA-RRJV-57MM-J6CM vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2025-47907 affecting package golang for versions less than 1.23.12-1
CVE-2025-47907 affecting package golang for versions less than 1.23.12-1. An upgraded version of the package is available that resolves this issue...
CVE-2016-5582 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9...
CVE-2018-2579 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9...
GHSA-CRQQ-83WV-J8RH vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9...
CVE-2020-14593 vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9...
GHSA-42P8-X3RM-58MV vulnerabilities
Vulnerabilities for packages: openjdk-11-openj9, openjdk-17-openj9, openjdk-21-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-25-openj9...
CVE-2025-54410 vulnerabilities
Vulnerabilities for packages: falco, xeol, cluster-api, undock, aactl, opentelemetry-operator, promxy, skaffold, rancher, lazydocker, bom, portieris, harbor-scanner-trivy, rancher-agent, prometheus, k3d, kubeflow-katib, openbao, cluster-api-helm-controller, falcoctl, helm-mapkubeapis, bento,...
CVE-2025-55163 vulnerabilities
Vulnerabilities for packages: neo4j, apache-nifi, elasticsearch, apache-hop, hadoop-fips, management-api-for-apache-cassandra-5.0, keycloak-operator, druid, camunda-zeebe, akhq, infinispan, sonarqube, wildfly, kserve-modelmesh, localstack, keycloak, spark-fips, spark, apicurio-registry,...
GHSA-GCQ6-QG3M-6M3G vulnerabilities
Vulnerabilities for packages: openjdk...
ROS-20250812-05
A vulnerability in the framework that enables the development and deployment of RESTful services and RESTEasy applications is related to the insecure creation of temporary files. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...
CVE-2025-8844
A vulnerability was determined in NASM Netwide Assembler 2.17rc0. This vulnerability affects the function parsesmacrotemplate of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...
CVE-2025-38418 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38418 affecting package kernel for versions less than 6.6.96.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-38319 affecting package kernel for versions less than 6.6.96.1-1
CVE-2025-38319 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...
nodejs:22 security update
nodejs 1:22.16.0-2 - Patch fix for CVE-2025-6965 Resolves: RHEL-103851 nodejs-nodemon nodejs-packaging...
git: Git arbitrary code execution
A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read,...
CVE-2025-6491
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, an overly large 2Gb XML namespace prefix may lead to a null pointer dereference. This may lead to crashes and affect the availability of the target server...
cjson: segmentation violation trigger through the second parameter of function cJSON_SetValuestring at cJSON.c
A flaw was found in cJSON. This issue contains a segmentation violation, which can be triggered through the second parameter of the cJSON_SetValuestring function at cJSON.c...
SUSE CVE-2025-6555
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...