19 matches found

Tenable Nessus
added 2026/02/11 12:0 a.m. · 8 views

RockyLinux 8 : python-urllib3 (RLSA-2026:1254)

The remote RockyLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1254 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

CVSS 8.9 · AI score 5.7 · EPSS 0.00032
Exploits: 0 · References: 7

Tenable Nessus
added 2026/02/11 12:0 a.m. · 1 views

RockyLinux 10 : python-urllib3 (RLSA-2026:1086)

The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:1086 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

CVSS 8.9 · AI score 5.7 · EPSS 0.00032
Exploits: 0 · References: 7

RedHat Linux
added 2026/02/02 1:58 a.m. · 7 views

Important: Red Hat Security Advisory: python3.12-urllib3 security update

An update for python3.12-urllib3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.9 · AI score 6.6 · EPSS 0.00032
Exploits: 0 · References: 4

Tenable Nessus
added 2026/01/29 12:0 a.m. · 2 views

AlmaLinux 8 : python-urllib3 (ALSA-2026:1254)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:1254 advisory. urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion CVE-2025-66418 urllib3: urllib3 Streaming API improperly handles highly...

CVSS 8.9 · AI score 5.9 · EPSS 0.00032
Exploits: 0 · References: 5

RedhatCVE
added 2025/07/06 2:14 p.m. · 4 views

CVE-2025-46733

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that...

CVSS 7.9 · AI score 6.5 · EPSS 0.00077
Exploits: 0 · References: 1

Tenable Nessus
added 2025/05/13 12:0 a.m. · 14 views

Ivanti Endpoint Manager Mobile 12.5.0.x < 12.5.0.1 / 12.4.0.x < 12.4.0.2 / 12.x < 12.3.0.2 / 11.x < 11.12.0.5 Multiple Vulnerabilities

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is 12.5.0.x prior to 12.5.0.1, 12.4.0.x prior to 12.4.0.2, 12.3.0.x prior to 12.3.0.2, or 11.x prior to 11.12.0.5. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass...

CVSS 8.8 · AI score 9.1 · EPSS 0.91261
Exploits: 10 · References: 3

NVD
added 2025/04/26 7:15 a.m. · 13 views

CVE-2025-2811

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT250...

CVSS 6.9 · EPSS 0.00067
Exploits: 0 · References: 5

OSV
added 2025/03/27 7:11 p.m. · 1 views

USN-7384-1 linux-azure vulnerabilities

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rogue device and possibly execute arbitrary code. CVE-2024-8805 Attila Szász discovered that the HFS+ file system...

CVSS 9.1 · AI score 7.3 · EPSS 0.18032
Exploits: 3 · References: 319

Tenable Nessus
added 2025/03/06 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-56719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data moved the assignment o...

CVSS 5.5 · AI score 6.7 · EPSS 0.00019
Exploits: 0 · References: 2

RedHat Linux
added 2025/02/20 3:47 p.m. · 15 views

Important: Red Hat Security Advisory: postgresql security update

An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.1 · AI score 7.4 · EPSS 0.82364
Exploits: 10 · References: 2

RedhatCVE
added 2025/02/05 1:9 a.m. · 4 views

CVE-2024-46999

Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to unauthorized access to applications and resources. Additionally, the management and auth API alway...

CVSS 7.3 · AI score 6.6 · EPSS 0.00261
Exploits: 0

NVD
added 2024/12/31 6:15 a.m. · 33 views

CVE-2024-11972

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin...

CVSS 9.8 · EPSS 0.9188
Exploits: 5 · References: 1

Positive Technologies
added 2023/02/27 12:0 a.m. · 3 views

PT-2023-20444 · Nextcloud · Nextcloud Talk

Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 15.0.3 Description: Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured, messages were not expired, and the API would still return them while the...

CVSS 4.3 · AI score 4.5 · EPSS 0.0019
Exploits: 1 · References: 8

OSV
added 2022/04/05 5:32 p.m. · 6 views

MGASA-2022-0130 Updated chromium-browser-stable packages fix security vulnerability

Use after free in Portals. CVE-2022-1125 Use after free in QR Code Generator. CVE-2022-1127 Inappropriate implementation in Web Share API. CVE-2022-1128 Inappropriate implementation in Full Screen Mode. CVE-2022-1129 Insufficient validation of untrusted input in WebOTP. CVE-2022-1130 Use after fr...

CVSS 8.8 · AI score 8.1 · EPSS 0.02676
Exploits: 17 · References: 3

CNVD
added 2021/11/11 12:0 a.m. · 11 views

Stark Bank Data Forgery Problem Vulnerability (CNVD-2021-95643)

Stark Bank is a banking API for individual developers in Brazil. Perform all banking operations through an API that simplifies and automates payments, facilitates reconciliations, and scales operations. Stark Bank ecdsa-dotnet suffers from a Data Forgery Issue vulnerability that stems from the...

CVSS 9.8 · AI score 6.7 · EPSS 0.00222
Exploits: 1 · References: 1

Malwarebytes
added 2021/07/12 10:8 a.m. · 52 views

A week in security (July 5 – July 11)

Last week on Malwarebytes Labs: Racing against a real-life ransomware attack. Podcast with Ski Kacoroski. Kaseya CEO: “The impact of this incredibly sophisticated attack is very minimal” Patch now! Emergency fix for PrintNightmare released by Microsoft. Game over: Apex Legends players locked out ...

AI score 7.3
Exploits: 0

OSV
added 2017/06/26 9:37 p.m. · 9 views

MGASA-2017-0186 Updated kernel packages fixes critical security vulnerabilities

This kernel update is based on upstream 4.4.74 and fixes at least the following security issues: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel through 4.11.1 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have...

CVSS 7.8 · AI score 8 · EPSS 0.0309
Exploits: 10 · References: 12

OSV
added 2016/09/14 8:0 a.m. · 3 views

CURL-CVE-2016-7167 curl escape and unescape integer overflows

The four libcurl functions curl_escape, curl_easy_escape, curl_unescape and curl_easy_unescape perform string URL percent escaping and unescaping. They accept custom string length inputs in signed integer arguments. The functions having names without "easy" being the deprecated versions of the others...

CVSS 9.8 · AI score 6.8 · EPSS 0.02257
Exploits: 0

securityvulns
added 2004/12/15 12:0 a.m. · 57 views

Linux kernel IGMP vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Linux kernel IGMP vulnerabilities Product: Linux kernel Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9 Vendor: http://www.kernel.org/ URL: http://isec.pl/vulnerabilities/isec-0018-igmp.txt CVE: CAN-2004-1137 Author:...

CVSS 10 · AI score 7.5 · EPSS 0.15821
Exploits: 1