[SECURITY] Fedora 43 Update: rubygem-json-2.13.2-2.fc43

This is a implementation of the JSON specification according to RFC 4627 in Ruby. You can think of it as a low fat alternative to XML, if you want to store data to disk or transmit it over a network rather than use a verbose markup language...

CVE-2026-32240

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This...

CVE-2026-32239

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in...

CVE-2026-24896

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

EUVD-2026-8584

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edihmain.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

PT-2026-21825

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih main.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

Moderate: perl-JSON-XS security update

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fixes: JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON CVE-2025-40928 For...

CVE-2025-7426

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of...

CVE-2025-7426 MINOVA TTA Information Disclosure and Credential Exposure

Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of...

PT-2025-34601 · Unknown · Minova Tta

Name of the Vulnerable Software and Affected Versions: MINOVA TTA version 11.17.0 Description: The MINOVA TTA service exposes authentication FTP credentials through debug port 1604, allowing unauthenticated remote access to active FTP accounts containing sensitive internal data and import...

Moderate: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : protobuf (RHSA-2024:3433)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3433 advisory. The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet...

Fedora: Security Advisory for liblas (FEDORA-2024-ef8c8a8b37)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

XAO-Web 安全漏洞

XAO-Web is part of the XAO suite of open source web services. It allows dynamic web content to be built using data, templates and external input. A security vulnerability exists in XAO-Web versions prior to 1.84, which stems from the XAO Web module incorrectly handling JSON output characters duri...

[SECURITY] Fedora 38 Update: liblas-1.8.2-0.12.gitf1da555.fc38

libLAS is a C/C++ library for reading and writing the very common LAS LiDAR format. The ASPRS LAS format is a sequential binary format used to store data from LiDAR sensors and by LiDAR processing software for data interchange and archival...

[SECURITY] Fedora 40 Update: python-javaobj-0.4.3-12.fc40

python-javaobj is a python library that provides functions for reading and writing writing is WIP currently Java objects serialized or will be deserialized by ObjectOutputStream. This form of object representation is a standard data interchange format in Java world...

CVE-2023-48230

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant value that is not attacker-controlled,...

GHSA-8J28-34QQ-GMCH Apache Sling Commons JSON bundle vulnerable to Improper Input Validation

Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The org.apache.sling.commons.json bundle has been...

CVE-2022-46149

Cap'n Proto is a data interchange format and remote procedure call RPC system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...