49 matches found
MiracleLinux 3 : krb5-1.6.1-70.AXS3 (AXSA:2012-256:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-256:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartex...
CVE-2020-7110
ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...
Security update for unbound
This update for unbound fixes the following issues: CVE-2025-11411: Fixed possible domain hijacking attack. bsc1252525 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command list...
SUSE SLES12: bind / bind-chrootenv / bind-devel / bind-doc / bind-utils / etc (SUSE-SU-2025:3976-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:3976-1 advisory. - CVE-2025-40778: Address various spoofing attacks bsc1252379. Tenable has extracted the preceding description block directly from the SUSE security...
EUVD-2018-1954
Malware in sbrugna...
EUVD-2024-2261
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-1010057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.13 Update
New Red Hat build of Keycloak 26.0.13 packages are available from the Customer Portal Red Hat build of Keycloak 26.0.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
SUSE-SU-2025:02491-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...
CVE-2025-27773 SimpleSAMLphp SAML2 library has incorrect signature verification for HTTP-Redirect binding
The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...
SUSE-SU-2025:0744-1 Security update for openssh8.4
This update for openssh8.4 fixes the following issues: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. Other bugfixes: - Fix usage of local accelerator cards via openssl-ibmca bsc1216474, bsc1218871. - Add patches from upstream to change the...
SUSE-SU-2025:0659-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2025-26465: Fixed a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. - Add a s390 specific ioctl for ECC hardware support bsc1225637: - for migration to openssh 8.4: write active/enabled switch over files only if n...
SUSE-SU-2025:0585-1 Security update for openssh
This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client bsc1237040. - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server bsc1237041...
CVE-2024-47873
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the scan method and the findCharSet method can be bypassed by using...
Security update for xen
This update for xen fixes the following issues: CVE-2024-53241: Xen hypercall page unsafe against speculative attacks bsc1234282. Bug fixes: Update to Xen 4.18.4 security bug fix release bsc1027519 x86: Prefer ACPI reboot over UEFI ResetSystem run time service call No other changes mentioned in...
SUSE: Security Advisory (SUSE-SU-2024:4212-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for pcp
This update for pcp fixes the following issues: pcp was updated from version 5.2.5 to version 6.2.0 jscPED-8192, jscPED-8389: Security issues fixed: CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user bsc1230552 CVE-2024-45769: Fixed a heap corruption throu...
Adyen APIs Library for Python timing attack vulnerability
Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
SUSE-SU-2024:1447-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 jscPED-3360, jscPED-3361 EP11: Add support for FIPS-session mode CVE-2024-0914: Updates to harden against RSA timing attacks bsc1219217 Bug fixes - provide userpkcs11 and grouppkcs11 Upgrade to version...
SUSE-SU-2024:0804-1 Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed rbitrary Java code executio...