CVE-2026-28705
Gitea before version 1.25.5 is affected: release assets are dumped using the release tag names and asset names as filesystem path components, which can allow specially crafted names to influence dump output paths. The issue is fixed in the 1.25.5 release; affected users should upgrade to 1.25.5 o...
CVE-2026-27779
Gitea prior to version 1.25.5 incorrectly handles forwarded-proto values when detecting public URLs, which can lead to spoofed canonical URLs. Affected software: Gitea
EUVD-2026-41632
Gitea versions before 1.25.5 allow a user to change another user's primary email address...
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. Affected: Gitea core before 1.25.5; component: git grep handling. Root cause: missing/absent timeout for git grep operations. Impact: potential resource exhaustion ...
CVE-2026-25718
Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...
EUVD-2026-41620
Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-10704)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-10704 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related:...
Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-0921)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0921 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-12122...
golang security update
1.25.5-2 - Rebase to rhel-9-main - Related: RHEL-139366 1.25.5-1 - Update to Go 1.25.5 fips-1 - Resolves: RHEL-139366 1.25.3-2 - Cleanup lib/ ownership...
Oracle Linux 10 : golang (ELSA-2026-0922)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0922 advisory. 1.25.5-1 - Update to Go 1.25.5 fips-1 1.25.3-5 - gating.yaml: Add tier1 s390x tests 1.25.3-4 - Cleanup lib/ ownership - Remove legacy logic forcing lib/ into...
Oracle Linux 9 : golang (ELSA-2026-0923)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0923 advisory. 1.25.5-2 - Rebase to rhel-9-main - Related: RHEL-139366 1.25.5-1 - Update to Go 1.25.5 fips-1 - Resolves: RHEL-139366 1.25.3-2 - Cleanup lib/ ownership Tenable...
artifex mupdf security vulnerability
artifex mupdf is a rich text editor for individual developers. A rich text editor differs from a plain text editor; programmers can download a free rich text editor from the Internet and embed it in their own website or program. Paid versions, of course, offer more powerful features and make it more convenient for users to edit...
UBUNTU-CVE-2017-12839
A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file...
Juju Core Joyent provider encryption issue vulnerability
Juju Infrastructure specializes in software and solutions. An encryption issue vulnerability exists in Juju Core's Joyent provider prior to version 1.25.5. The vulnerability stems from the network system or product not properly using the relevant cryptographic algorithms, and can be exploite...
Design/Logic Flaw
Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key...
openSUSE Security Update : mpg123 (openSUSE-2017-1035)
This update for mpg123 fixes the following issues : - Update to version 1.25.6 - Hotfix for bug 255: Overflow reading frame data bits in layer II decoding. Now, all-zero data is returned if the frame data is exhausted. This might have a slight impact on performance, but not easily measurable so...