28 matches found
org.atmosphere.samples:atmosphere-spring-boot-rag-chat (>=4.0.14 <=4.0.19), org.springaicommunity:tool-searcher-vectorstore (>=2.0.0 <=2.0.1) +54 more potentially affected by CVE-2026-22729 via org.springframework.ai:spring-ai-vector-store (>=2.0.0-M1 <=2.0.0-M2)
org.springframework.ai:spring-ai-vector-store MAVEN version =2.0.0-M1, =4.0.14, =2.0.0, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M1, =2.0.0-M2 and more Source c...
SUSE-SU-2025:01640-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nftables: fix memory leak during stateful obj update bsc1229621. - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning...
[SECURITY] Fedora 40 Update: bolzplatz2006-1.0.3-58.fc40
Slam Soccer 2006 is a funny football game in 3D-comic-style - and it's for free! Freeware and open source Funny 3d-comic-style Enthralling stadium atmosphere Keyboard and gamepad control 2-player mode Career and world cup Register in the online hall of fame Build your own stadium 80 teams 20...
Fedora: Security Advisory for stellarium (FEDORA-2023-b7e90bc682)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: stellarium-1.2-9.fc37
Stellarium is a real-time 3D photo-realistic nightsky renderer. It can generate images of the sky as seen through the Earth's atmosphere with more than one hundred thousand stars from the Hipparcos Catalogue, constellations, planets, major satellites and nebulas...
[SECURITY] Fedora 38 Update: stellarium-1.2-9.fc38
Stellarium is a real-time 3D photo-realistic nightsky renderer. It can generate images of the sky as seen through the Earth's atmosphere with more than one hundred thousand stars from the Hipparcos Catalogue, constellations, planets, major satellites and nebulas...
Atmosphere Java Framework Reflected Cross-Site Scripting
A cross-site scripting vulnerability exists in Atmosphere. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
JBoss RichFaces Improper Input Validation vulnerability
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests...
in atmosphere/atmosphere
Description: The atmosphere is vulnerable to SSRF (Server Side Request Forgery) via XML External Entity (XXE). An attacker that is able to provide a crafted XML file as input to the WebDotXmlReader constructor in the "WebDotXmlReader.java" file may allow an attacker to execute XML External Entities XX...
com.manydesigns:demo-tt (>=5.0.0 <=5.2.0), com.manydesigns:portofino-atmosphere (>=5.0.0 <=5.0.3) +17 more potentially affected by CVE-2021-29451 via com.manydesigns:portofino-dispatcher (>=5.0.0 <=5.2.0)
com.manydesigns:portofino-dispatcher MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.2.0 and more Source cves: CVE-2021-29451 Source advisory: OSV:GHSA-6G3C-2MH5-7Q6X...
com.manydesigns:demo-tt (>=5.0.0 <=5.2.0), com.manydesigns:portofino-atmosphere (>=5.0.0 <=5.0.3) +16 more potentially affected by CVE-2021-29451 via com.manydesigns:portofino-core (>=5.0.0 <=5.2.0)
com.manydesigns:portofino-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.2.0 and more Source cves: CVE-2021-29451 Source advisory: OSV:GHSA-6G3C-2MH5-7Q6X...
Avaya IP Office 11 - Password Disclosure
Exploit Title: Avaya IP Office 11 - Password Disclosure Exploit Author: hyp3rlinx Date: 2020-06-09 Vendor Homepage: https://downloads.avaya.com Product Link: https://downloads.avaya.com/css/P8/documents/101067493 CVE: CVE-2020-7030 + Credits: John Page aka hyp3rlinx + Website:...
Avaya IP Office 11 Insecure Transit / Password Disclosure Vulnerability
Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Man-in-the-middle
atmosphere-project is vulnerable to a man-in-the-middle attack. The attack is possible because it does not use HTTPS to download dependencies, allowing an attacker to manipulate the dependencies...
org.apache.camel:camel-atmosphere-websocket (=2.16.0), org.apache.camel:camel-example-cxf-tomcat (=2.16.0) +8 more potentially affected by CVE-2015-5348 via org.apache.camel:camel-servlet (=2.16.0)
org.apache.camel:camel-servlet MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-servlet and may be impacted: - org.apache.camel:camel-atmosphere-websocket =2.16.0 - org.apache.camel:camel-example-cxf-tomcat...
Cross-site Scripting (XSS)
atmosphere-runtime is vulnerable to a cross-site scripting (XSS) attack. The library does not properly escape the JSONP callback parameter when passed to the server, allowing a malicious user to inject and execute arbitrary JavaScript through it...
Cross-Site Scripting (XSS)
atmosphere-runtime is vulnerable to cross-site scripting (XSS). The JSONP transport method does not specify the content-type header when responding with the JSONP callback parameter, which causes web browsers to render the response when the parameter contains HTML and JavaScript. This allows a remo...
Atmosphere 1.x / 2.x Cross Site Scripting Vulnerability
Async-IO.org Atmosphere suffers from a cross site scripting vulnerability. Versions affected include 2.4.0 through 2.4.28, 2.3.0 through 2.3.9, 2.2.0 through 2.2.12, 2.1.0 through 2.1.13, 2.0.0 through 2.0.11, and 1.0.0 through 1.0.20. COMPASS SECURITY ADVISORY...
Atmosphere 1.x / 2.x Cross Site Scripting
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Atmosphere 1 Vendor: Async-IO.org CSNC ID: CSNC-2018-023 Subject: Reflected Cross-Site Scripting (XSS) Risk: High Effect: Remotely exploitable Author: Lukasz D. [email protected] Date: 13.08.2018...
RichFaces: remote denial of service via memory exhaustion
It was found that certain malformed requests caused RichFaces to leak memory. A remote, unauthenticated attacker could use this flaw to send a large number of malformed requests to a RichFaces application that uses the Atmosphere framework, leading to a denial of service excessive memory...