361 matches found
[SECURITY] [DLA 4548-1] distro-info-data database update
Debian LTS Advisory DLA-4548-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera April 25, 2026 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.51+deb11u11 This is a routine update of the distro-info-data database for Debian LTS users. It updates t...
Debian dla-4548 : distro-info-data - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4548 advisory. Debian LTS Advisory DLA-4548-1 [email protected] https://www.debian.org/lts/security/...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview UmbracoForms is a tool that makes creating contact forms, entry forms and questionnaires just as easy as using Word. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the dynamic SOAP client generation...
EUVD-2017-16965
Malware in sbrugna...
EUVD-2025-12381
Malicious code in bioql PyPI...
EUVD-2024-51082
Malicious code in bioql PyPI...
EUVD-2024-0512
Malicious code in bioql PyPI...
EUVD-2022-32839
Malicious code in bioql PyPI...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...
CVE-2025-36855
A vulnerability CVE-2025-21176 https://www.cve.org/CVERecord exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or...
CVE-2025-52982
Juniper Junos OS MX Series with MS-MPC SIP ALG is affected. When two or more SIP-processing service sets run, an improper resource shutdown can cause the MS-MPC to crash and restart, enabling unauthenticated network-based DoS. Affected versions: all before 21.2R3-S9; 21.4 from 21.4R1; 22.2 before...
CVE-2025-7326
Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry...
CVE-2025-7326
CVE-2025-7326 is an elevation-of-privilege weakness described in IBM’s security bulletin as affecting IBM Robotic Process Automation products running on ASP.NET Core (the vulnerable ASP.NET Core component used by IBM RPA). The IBM page confirms weak authentication in EOL ASP.NET Core can let an u...
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543
Severity: Critical. Description of Problem: A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details. Affected Versions: The following supported versions of NetScaler ADC and NetScaler Gateway are affecte...
CVE-2022-28394
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL...
CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
Geo Vision EoL Devices Improper Neutralization of Special Elements used in an OS Command (CVE-2024-6047)
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. This plugin only works with Tenable.ot. Please visit...
CVE-2025-3838
An Improper Authorization vulnerability was identified in the EOL OVA based connect component which is deployed for installation purposes in the customer internal network. Under certain conditions, this could allow a bad actor to gain unauthorized access to the local db containing weakly hashed...
CVE-2025-3840
CVE-2025-3840 describes an XSS in the End of Life OVA Connect Installer component (Saviynt EOL OVA). The vulnerability stems from improper neutralization of input in the login form’s action parameter, enabling injected scripts under certain conditions. The component is deprecated since Sep 2023 w...