17 matches found
CVE-2026-39816
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
Astra Linux - vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP lack input length validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been addressed in...
Astra Linux - vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and client. Affected versions of FreeRDP lack path canonicalization and base path checks for the drive channel. A malicious server can trick a FreeRDP-based client into reading files outside of the shared directory. This issue has been addressed i...
Astra Linux - vulnerability in freerdp2
FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP that are affected may attempt integer additions on too narrow types, resulting in the allocation of a buffer that is too small to hold the written data. A malicious server can trick a FreeRDP-based client into readi...
GHSA-2J9M-25XV-MP6R Apache NiFi is missing the Restricted annotation with the Execute Code Required Permission
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the configuration process of the optional TinkerpopClientService. An attacker can execute arbitrary code by submitting Groovy scripts through the ByteCode Submission feature without possessing the required...
CVE-2026-39816
CVE-2026-39816 impacts Apache NiFi 2.0.0-M1 through 2.8.0 where the optional TinkerpopClientService (in the graph bundle, nifi-other-graph-services-nar) lacks the @Restricted annotation for Execute Code permission. This allows a flow designer with restricted privileges to configure ByteCode Submi...
Fedora 42 : lasso (2025-3edcd991a4)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3edcd991a4 advisory. Update to 2.9.0. Fixes CVE-2025-46705. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
Linux Distros Unpatched Vulnerability : CVE-2022-39319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicio...
SUSE CVE-2022-39319
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been addressed in...
PT-2023-12730 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch; Discourse versions prior to 2.9.0.beta16 on the beta and tests-passed branches. Description: The issue affects the parsing of posts in Discourse, making it susceptible to regular expressi...
OESA-2022-2112 freerdp security update
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fixes: FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are...
DEBIAN-CVE-2022-39319
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been addressed in...
DEBIAN-CVE-2022-39320
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types, which leads to the allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and send i...
PT-2022-5606 · Freerdp +9 · Freerdp +9
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.9.0. Description: The issue is related to an out-of-bound read in the ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and trying to decode it, likely...
PT-2022-19459 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0; TensorFlow versions prior to 2.8.1; TensorFlow versions prior to 2.7.2; TensorFlow versions prior to 2.6.4. Description: Multiple TensorFlow operations misbehave in eager mode when the resource handle provided ...
Elastic APM agent for Ruby 2.9.0 security update
Elastic APM agent for Ruby client authentication flaw (ESA-2019-08). A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'servercacert' setting, the Ruby agent would not properly verify the certifica...