12 matches found
CVE-2025-48431 affecting package thrift for versions less than 0.15.0-6
CVE-2025-48431 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...
CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin authentication
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key)...
Linux Distros Unpatched Vulnerability : CVE-2025-55291
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allow...
CVE-2025-55291 Shaarli allows reflected XSS via searchtags parameter
Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is fixed in 0.15.0...
PT-2025-33676
Name of the Vulnerable Software and Affected Versions: Shaarli versions prior to 0.15.0 Description: Shaarli is a minimalist bookmark manager and link sharing service. Input strings in the cloud tag page are not properly sanitized, allowing premature closure of the tag. This results in a reflecte...
Linux Distros Unpatched Vulnerability : CVE-2020-24994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack overflow in the parsetag function in libass/assparse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code executi...
External Secrets Access Control Error Vulnerability
External Secrets is a Kubernetes-related application from External Secrets open source. An access control error vulnerability exists in External Secrets versions prior to 0.15.0 through 0.19.2 that stems from the PushSecret controller not applying a namespace selector, which could lead to the...
HashiCorp Boundary Security Vulnerability
HashiCorp Boundary is an open source solution from the US-based HashiCorp Inc. It automates secure identity-based user access to hosts and services across environments. A security vulnerability exists in HashiCorp Boundary and Boundary Enterprise versions prior to 0.15.0 that stems from...
PYSEC-2024-6
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0...
PYSEC-2024-5
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions matching the pattern 0.x.0...
Spice Security Vulnerability
Spice is an adaptive telepresence open source protocol used by enterprise virtualized desktop editions. The product is primarily used to connect users to their virtual desktops and is capable of delivering the exact same end-user experience as a physical desktop. A security vulnerability exists i...
PT-2019-12490 · Eclipse +2 · Eclipse Openj9 +2
Name of the Vulnerable Software and Affected Versions: Eclipse OpenJ9 versions prior to 0.15.0 Description: The issue concerns AIX builds of Eclipse OpenJ9, where unused RPATHs may facilitate code injection and privilege elevation by local users. This could allow a local attacker to gain elevated...