Huawei EulerOS: Security Advisory for rsync (EulerOS-SA-2025-1437)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1243)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-4812

The CVE-2024-4812 entries describe a stored cross-site scripting (XSS) vulnerability in the Katello plugin for Foreman, where malicious JavaScript can be saved in a user Description field and executed when loading pages such as Host Collections. Root cause: insufficient input sanitization of the ...

CVE-2024-3622

A flaw was found when using mirror-registry to install Quay. It uses a default secret, which is stored in plain-text format in one of the configuration template files. This issue may lead to all instances of Quay deployed using mirror-registry to have the same secret key. This flaw allows a...

CVE-2023-4235

A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decodedeliverreport function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound...

CVE-2023-1729

A flaw was found in LibRaw. A heap-buffer-overflow in raw2imageex caused by a maliciously crafted file may lead to an application crash...

CVE-2023-0801

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the TIFFmemcpy function in libtiff/tifunix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

GHSA-R5C5-PR8J-PFP7 golang.org/x/crypto/salsa20/salsa uses insufficiently random values

An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...

CVE-2021-33117

A flaw was found in hw. Improper access control for some third-generation IntelR XeonR Scalable processors before BIOS version MR7 may potentially allow a local attacker to enable information disclosure via local access. Mitigation Mitigation for this issue is either not available or the currentl...

CVE-2021-3490

A flaw was found in the Linux kernels eBPF verification code. It was discovered that eBPF ALU32 bounds tracking for bitwise ops AND, OR and XOR did not update the 32-bit bounds. By default accessing the eBPF verifier is only accessible to privileged users with CAPSYSADMIN. A local user with the...

Memory corruption

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

CVE-2020-27818

A flaw was found in the checkchunkname function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability...