4734 matches found
CVE-2025-59355
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
CVE-2025-59355
Apache Linkis CVE-2025-59355 affects 1.0.0–1.7.0, where HiveUtils.decode() may log the full input parameter on Base64 decode failure, risking leakage of sensitive values (e.g., hive-site.xml passwords) if error logs are readable. A fix is available in 1.8.0+ that desensitizes the log (logger.erro...
CVE-2025-59355 Apache Linkis: Password Exposure
A vulnerability. When org.apache.linkis.metadata.util.HiveUtils.decode fails to perform Base64 decoding, it records the complete input parameter string in the log via logger.error(str + "decode failed", e). If the input parameter contains sensitive information such as Hive Metastore keys, plaintext...
Apache Linkis security vulnerabilities
Apache Linkis is a middleware product developed by the Apache Foundation in the United States. It enables effective connections between upper-level applications and underlying data engines. Versions of Apache Linkis prior to 1.7.0 contain security vulnerabilities. These vulnerabilities stem from...
MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...
MiracleLinux 3 : cups-1.3.7-8.4.1AXS3 (AXSA:2009-44:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-44:01 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to...
SUSE CVE-2026-22858
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...
MiracleLinux 4 : openssl-1.0.1e-42.AXS4.1 (AXSA:2015-934:07)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-934:07 advisory. Security issues fixed with this release: CVE-2015-3194 crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote...
MiracleLinux 7 : libtasn1-4.10-1.el7 (AXSA:2017-1751:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1751:01 advisory. Libtasn1 is a library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004774)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004774 advisory. In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4_decompress_safe_partial read out of bound. When partialDecoding, it is EOF if we've eith...
CVE-2026-22775
Summary: CVE-2026-22775 affects the Svelte devalue library. Vulnerable range: devalue.parse input handling from versions 5.1.0 through 5.6.1. Root cause: the ArrayBuffer hydration path decodes input as base64 without validating the input first, allowing crafted data to cause excessive CPU time...
Server-side Request Forgery (SSRF)
Overview: @sveltejs/adapter-node is an adapter for SvelteKit apps that generates a standalone Node server. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process...
Ubuntu: Security Advisory (USN-7954-1)
The remote host is missing an update for the...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001959)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001959 advisory. Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause...
CVE-2026-22858
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...
UBUNTU-CVE-2026-22858
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c = ...