6 matches found
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0 Vulnerability Details CVEID:CVE-2025-54121 DESCRIPTION: Starlette is a lightweight ASGI Asynchronous Server Gateway Interface framework/toolkit, designed for building async web services in Python. In versions...
Fedora: Security Advisory (FEDORA-2025-8628ba80b1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-54368
creationtimestamp| type| source ---|---|--- 2025-08-21 13:34:09+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lww2mexg5c2e...
CVE-2025-54368
A flaw was found in uv. The package's handling of remote ZIP archives processes entries sequentially without verifying them against the archive's central directory. This vulnerability allows a remote attacker to craft a malicious ZIP archive that can cause unexpected behavior when processed...
CVE-2025-54368
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
CVE-2025-54368
CVE-2025-54368 affects uv (Python package/project manager) up to v0.8.5, where remote ZIPs are parsed streaming-wise and archive entries aren’t reconciled with the central directory. An attacker could craft a ZIP that yields legitimate contents for some installers but malicious contents for other...