20 matches found
OPENSUSE-SU-2026:10923-1 mcphost-0.34.0-8.1 on GA media
These are all security issues fixed in the mcphost-0.34.0-8.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10899-1 mcphost-0.34.0-7.1 on GA media
These are all security issues fixed in the mcphost-0.34.0-7.1 package on the GA media of openSUSE Tumbleweed...
Fedora 43 : docker-buildx (2026-6d1dd77956)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-6d1dd77956 advisory. - Update to release v0.34.0 - Resolves: rhbz2467576 - Resolves CVE-2026-39984: rhbz2458930 - Upstream new features and fixes Tenable has extracted the...
Fedora 44 : docker-buildx (2026-7f8de90b74)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7f8de90b74 advisory. - Update to release v0.34.0 - Resolves: rhbz2467576 - Resolves CVE-2026-39984: rhbz2458930 - Upstream new features and fixes Tenable has extracted the...
Fedora 42 : docker-buildx (2026-95f37c21d5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-95f37c21d5 advisory. - Update to release v0.34.0 - Resolves: rhbz2467576 - Resolves CVE-2026-39984: rhbz2458930 - Upstream new features and fixes Tenable has extracted the...
[SECURITY] Fedora 44 Update: docker-buildx-0.34.0-1.fc44
Docker CLI plugin for extended build capabilities with BuildKit...
OPENSUSE-SU-2026:10845-1 mcphost-0.34.0-5.1 on GA media
These are all security issues fixed in the mcphost-0.34.0-5.1 package on the GA media of openSUSE Tumbleweed...
SUSE-SU-2026:21756-1 Security update for mcphost
This update for mcphost fixes the following issues: - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
SUSE-SU-2026:21827-1 Security update for mcphost
This update for mcphost fixes the following issues: - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
OPENSUSE-SU-2026:20788-1 Security update for mcphost
This update for mcphost fixes the following issues: - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
OPENSUSE-SU-2026:10731-1 mcphost-0.34.0-1.1 on GA media
These are all security issues fixed in the mcphost-0.34.0-1.1 package on the GA media of openSUSE Tumbleweed...
CLEANSTART-2026-FJ01373 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.34.0-r0, 0.34.0-r1, 0.34.0-r2
Multiple security vulnerabilities affect the descheduler package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-26189 Trivy Action has a script injection via sourced env file in composite action
Trivy Action runs Trivy as GitHub action to scan a Docker container image for vulnerabilities. A command injection vulnerability exists in aquasecurity/trivy-action versions 0.31.0 through 0.33.1 due to improper handling of action inputs when exporting environment variables. The action writes...
EUVD-2021-1002
Malware in sbrugna...
CVE-2023-43640
TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database including the users table. This issue...
Input validation
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
russh data forgery vulnerability
russh is a Rust SSH client and server-side library. A data forgery issue vulnerability exists in russh versions 0.34.0 and 0.36.1, which stems from insufficient Diffie-Hellman key validation, which can lead to information disclosure and compromise confidentiality...
CVE-2020-15223
In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...
Design/Logic Flaw
In ORY Fosite the security first OAuth2 & OpenID Connect framework for Go before version 0.34.0, the TokenRevocationHandler ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can...
PYSEC-2020-224
An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset...