openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20077-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20077-1 advisory. Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...
EUVD-2020-7252
Malware in sbrugna...
CVE-2025-24022 iTop server vulnerable to portal code injection
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This is fixed in versions 2.7.12, 3.1.3 and 3.2.1...
openSUSE Security Advisory (SUSE-SU-2024:2907-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:2904-1)
The remote host is missing an update for the...
CVE-2024-27934
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...
CVE-2025-23196
CVE-2025-23196 describes a code injection vulnerability in the Ambari Alert Definition feature. An authenticated user can exploit the vulnerability when defining alert scripts, where the script filename field is executed via `sh -c`, enabling remote command execution on the server. Multiple connec...
openSUSE: Security Advisory for redis7 (SUSE-SU-2025:0160-1)
The remote host is missing an update for the...
CVE-2024-46981 Redis' Lua library commands may lead to remote code execution
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...
CVE-2024-47540
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...
CVE-2024-47540 GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size allocator-memunmapfull or mem-allocator-memunmap. This vulnerability coul...
RLSA-2024:5530 Important: python-setuptools security update
The python-setuptools package provides a collection of enhancements to Python distribution utilities allowing convenient building and distribution of Python packages. Security Fixes: pypa/setuptools: Remote code execution via download functions in the packageindex module in pypa/setuptools...
CVE-2024-41119
The CVE-2024-41119 entry concerns streamlit-geospatial. Affected component: the page 8_🏜️_Raster_Data_Visualization.py where the vis_params parameter accepts user input that is later used in eval(), enabling remote code execution prior to the fix (commit c4f81d9616d40c60584e36abb15300853a66e489). ...
[SECURITY] [DSA 5656-1] chromium security update
Debian Security Advisory DSA-5656-1 https://www.debian.org/security/ Andres Salomon April 11, 2024 https://www.debian.org/security/faq ...
SUSE-SU-2024:0290-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. bsc1219048 - CVE-2022-22817: Fixes evaluation of arbitrary expressions via PIL.ImageMath.eval. bsc1194521...
SUSE-SU-2023:2078-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.38.6 bsc1210731: - CVE-2022-0108: Fixed information leak. - CVE-2022-32885: Fixed arbitrary code execution. - CVE-2023-25358: Fixed use-after-free vulnerability in WebCore::RenderLayer. - CVE-2023-27932: Fixed Same Origin...
[SECURITY] [DLA 3124-1] webkit2gtk security update
Debian LTS Advisory DLA-3124-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 28, 2022 https://wiki.debian.org/LTS ...
SUSE-SU-2022:0212-1 Security update for log4j
This update for log4j fixes the following issues: - CVE-2022-23307: Fix deserialization issue by removing the chainsaw sub-package. bsc1194844 - CVE-2022-23305: Fix SQL injection by removing src/main/java/org/apache/log4j/jdbc/JDBCAppender.java. bsc1194843 - CVE-2022-23302: Fix remote code...
[SECURITY] [DSA 4935-1] php7.3 security update
Debian Security Advisory DSA-4935-1 https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2021 https://www.debian.org/security/faq ...
OPENSUSE-SU-2020:1966-1 Security update for moinmoin-wiki
This update for moinmoin-wiki fixes the following issues: - update to version 1.9.11: CVE-2020-25074 boo1178744: fix remote code execution via cache action CVE-2020-15275 boo1178745: fix malicious SVG attachment causing stored XSS vulnerability...