Fedora 43 : rsync (2026-d4d8ae2bdc)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d4d8ae2bdc advisory. Fixing various bugs from Upstream. I did not do a rebase since the Upstream stopped supporting the rsync-patches repo. I accepted this change in Rawhide but ...
Parse Server has an auth provider validation bypass on login via partial authData
Impact: An authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid sessi...
GHSA-PFJ7-WV7C-22PR Parse Server has an auth provider validation bypass on login via partial authData
Impact: An authentication bypass vulnerability allows an attacker to log in as any user who has linked a third-party authentication provider, without knowing the user's credentials. The attacker only needs to know the user's provider ID to gain full access to their account, including a valid sessi...
PT-2026-26493
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.52; Parse Server versions prior to 9.6.0-alpha.41. Description: A flaw exists in Parse Server that allows an attacker to bypass authentication and log in as any user who has linked a third-party authentication...
Nuclei Path Traversal vulnerability
Overview: We have identified and addressed a security issue in the Nuclei project that affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. Details: In the...
Code injection
Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. Ther...
SUSE-SU-2018:3572-1 Security update for apache2-mod_nss
This update for apache2-mod_nss fixes the following issues: Due to the update of mozilla-nss, apache2-mod_nss needs to be updated to change to the SQLite certificate database, which is now the default (bsc#1108771). Because of that, this update is tagged as security, to reach customers that only install...
Man-in-the-Middle (MitM)
pry-rescue is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists due to the use of the deprecated :rubygems option in the Gemfile, causing insecure HTTP requests to be made. A malicious user can potentially compromise the download to conduct MitM attacks...
SuSE 10 Security Update : OpenSSH (ZYPP Patch Number 4580)
This update fixes a bug in ssh's cookie handling code. It does not properly handle the situation when an untrusted cookie cannot be created and uses a trusted X11 cookie instead. This allows attackers to violate the intended policy and gain privileges by causing an X client to be treated as...
Vulnerability in OpenSSL CVE-2005-2969
A deprecated option, SSL_OP_MSIE_SSLV2_RSA_PADDING, could allow an attacker acting as a “man in the middle” to force a connection to downgrade to SSL 2.0 even if both parties support better protocols. Found by researcher...