11 matches found
UBUNTU-CVE-2026-41080
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...
Linux Distros Unpatched Vulnerability : CVE-2023-49208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration. CVE-2023-4920...
Z-Push security vulnerability
Z-Push is an open source data synchronization software from Z-Hub. A security vulnerability exists in Z-Push versions prior to 2.7.6, which stems from an unparameterized query and could lead to a SQL injection attack...
WordPress NPS computy plugin < 2.7.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin NPS computy versions 2.7.6...
Glewlwyd SSO server security vulnerability
Glewlwyd SSO server is a single sign-on (SSO) server with multi-factor authentication for OAuth2 and OpenID Connect. A security vulnerability exists in Glewlwyd SSO server versions prior to 2.7.6 that stems from a buffer overflow vulnerability in the FIDO2 credential validation proces...
OESA-2022-1700 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text files and performing system management tasks, as in Perl. Security Fixes: There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and...
Combodo iTop code injection vulnerability
Combodo iTop is an ITIL-based open source web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A code injection vulnerability exists in Combodo iTop...
rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to...
AZL-6786 CVE-2018-20969 affecting package patch for versions less than 2.7.6-7
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter...
AZL-35101 CVE-2018-1000156 affecting package patch for versions less than 2.7.6-9
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
UBUNTU-CVE-2018-1000075
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an infinite loop caused by negative size vulnerability in ruby gem package tar header that can...