37 matches found
MiracleLinux 7 : nspr-4.11.0-1.el7, nss-softokn-3.16.2.3-14.2.el7, nss-3.21.0-9.el7, nss-util-3.21.0-2.2.el7 (AXSA:2016-217:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-217:01 advisory. nspr: NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal fi...
EUVD-2017-9386
Malware in sbrugna...
EUVD-1999-0786
Malware in sbrugna...
CVE-2025-43863 vantage6 lacks brute-force protection on change password functionality
vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. If an attacker gets access to an authenticated session, they can try to brute-force the user password by using the change password functionality...
CVE-2024-28048
An OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stopping use of ffBull ver.4.11...
CVE-2025-29906
Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...
CVE-2025-29906 Finit bundled getty can bypass /bin/login
Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...
WordPress Category Discount Woocommerce Plugin <= 4.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Category Discount Woocommerce; Type: Plugin; Vulnerable versions: <= 4.11; Fixed in: 4.12; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-0617; Patch priority: Low; CVSS severity: Low (4.3); PSID: cff1c97352ca; Credits: Krzyszto...
SUSE CVE-2019-14907
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" or above then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP...
SUSE CVE-2019-17344
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates...
CVE-2022-38146
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 of 3)...
squid security update
7:4.11-3.0.1...
GSD-2022-1005024 xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
xen/privcmd: fix error exit of privcmd_ioctl_dm_op(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.6 by commit...
PT-2022-33710 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.64. Description: The issue concerns data-races around weight_p and dev_weight_[rt]x_bias. It was introduced in version v4.11 and fixed in version v5.15.64. The actual impact and attack plausibility have not y...
CVE-2022-24751
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A...
CVE-2022-24751 Race condition in Zulip
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A...
CVE-2022-24751
CVE-2022-24751 describes a race condition in Zulip during account deactivation. From versions 4.0 up to, but not including, 4.11, a deactivated user could in rare cases retain access due to concurrent actions. The fixes are in Zulip 4.11 on the 4.x branch and 5.0-rc1 on the 5.x branch. Upgrading ...
Cross site scripting
Weblate is a copyleft software web-based continuous localization system. Versions prior to 4.11 do not properly neutralize user input used in user name and language fields. Due to this improper neutralization it is possible to perform cross-site scripting via these fields. The issues were fixed i...
GSD-2022-1000194 rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.96 by commit...
GSD-2021-1000570 iommu/vt-d: Fix sysfs leak in alloc_iommu()
iommu/vt-d: Fix sysfs leak in alloc_iommu(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.9 by commit...