20 matches found
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...
SUSE-SU-2026:21827-1 Security update for mcphost
This update for mcphost fixes the following issues - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data Data Amplification in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...
OPENSUSE-SU-2026:20762-1 Security update for go1.26
This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: "go tool pack" does...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the create method in the DictionaryEntryPersistor class, which initializes a SAXParserFactory without enabling FEATURESECUREPROCESSING or disabling DTD processing. An attacker can access local files...
Use of Incorrectly-Resolved Name or Reference
Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...
OPENSUSE-SU-2026:20479-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
SUSE-SU-2026:1325-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
EUVD-2021-0003
Malware in sbrugna...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...
PT-2025-37862
Name of the Vulnerable Software and Affected Versions Spring Framework affected versions not specified Description The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type. This can lead to an...
Open Redirect
Overview Affected versions of this package are vulnerable to Open Redirect via the manipulation of the Forwarded or X-Forwarded-Host header in incoming requests. An attacker can capture the secret reset code and gain unauthorized access to the user's account by causing the system to generate a...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the improper validation of target registry domains during the token exchange process. An attacker can extract and misuse authentication tokens by directin...
wasmvm: Malicious smart contract can slow down block production
CWA-2025-002 Severity Medium Moderate + Likely^1 Affected versions: - wasmvm = 2.2.0, = 2.1.0, = 2.0.0, 2.0.6 - wasmvm 1.5.8 Patched versions: - wasmvm 1.5.8, 2.0.6, 2.1.5, 2.2.2 Description of the bug The vulnerability can be used to slow down block production. The attack requires a malicious...
GHSA-P72Q-H37J-3HQ7 dbt uses a SQLparse version with a high vulnerability
Summary Using a version of sqlparse that has a security vulnerability and no way to update in current version of dbt core. Snyk recommends using sqlparse==0.5 but this causes a conflict with dbt. Snyk states the issues is a recursion error: SNYK-PYTHON-SQLPARSE-6615674. Details Dependency conflic...
Consider Disabling Inherited _cancel Function In The Governor Contracts
Lines of code Vulnerability details Impact The currently used openzeppelin upgradeable contracts dependency @openzeppelin/contracts-upgradeable is v4.7.3 The security council management contracts are inheriting the openzeppelin GovernorUpgradeable contracts to manage proposals. This version of...
SUSE-SU-2023:2097-1 Security update for maven and recommended update for antlr3, minlog, sbt, xmvn
This update for antlr3, maven, minlog, sbt, xmvn fixes the following issues: maven: - Version update from 3.8.5 to 3.8.6 jscSLE-23217: Security fixes: + CVE-2021-42550: Update Version of optional Logback bsc1193795 Bug fixes: + Fix resolver session containing non-MavenWorkspaceReader + Fix for...
Open Redirect
Overview trailing-slash is an Add or remove trailing slashes, and redirect. Affected versions of this package are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint such as https://example.com//attacker.example/. The vulnerable cod...
CVE-2020-9489
A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade ...
Fedora 16 : cumin-0.1.5522-4.fc16 (2012-17854)
Latest build adds a missing dependency on python-saslwrapper and missing upgrade scripts in addition to a patch for BZ842286. The previous version of the spec file did not install cumin-report and was missing a dependency on pymongo. This release contains many bug fixes logged against Cumin in RH...