263 matches found
[SECURITY] Fedora 44 Update: suricata-8.0.5-1.fc44
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.2-1.hum1 aarch64, x8664 nginx-all-modules-1.30.2-1.hum1 noarch nginx-core-1.30.2-1.hum1 aarch64, x8664 nginx-filesystem-1.30.2-1.hum1 noarch nginx-mod-devel-1.30.2-1.hum1 aarch6...
Critical: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.1-1.hum1 aarch64, x8664 nginx-all-modules-1.30.1-1.hum1 noarch nginx-core-1.30.1-1.hum1 aarch64, x8664 nginx-filesystem-1.30.1-1.hum1 noarch nginx-mod-devel-1.30.1-1.hum1 aarch6...
Security update for tor (moderate)
openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2026:0147-1 Rating: moderate References: 1262301 1262302 Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7 An update that contains security fixes can now be installed. Description: This...
openSUSE 16 Security Update : tor (openSUSE-SU-2026:20589-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20589-1 advisory. Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem...
OPENSUSE-SU-2026:20589-1 Security update for tor
This update for tor fixes the following issues: Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem TROVE-2026-004, boo1262302 Fix a series of defense in depth security issues found across the codeba...
Logstash 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-29)
Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The...
[SECURITY] Fedora 43 Update: suricata-7.0.15-1.fc43
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 44 Update: suricata-8.0.4-1.fc44
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
nginx:1.24 security update
1.24.0-2.0.1 - Remove Red Hat references Orabug: 29498217 1:1.24.0-2 - Resolves: RHEL-146517 - nginx:1.24/nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections CVE-2026-1642 1:1.24.0-1 - Resolves: RHEL-14714 - add nginx:1.24 to RHEL 8.10 1:1.22.1-2 - Resolves:...
actix-web-location (>=0.1.0 <=0.7.0), bext-waf (=0.2.0) +17 more potentially affected by unknown CVE via maxminddb (>=0.12.0 <=0.24.0)
maxminddb CARGO version =0.12.0, =0.1.0, =0.1.3, =1.5.1, =0.1.0, =0.7.0, =0.4.0, =0.0.1, =0.1.8, =0.3.0, =0.5.0, =0.1.0, =0.1.0, =0.1.0, =0.5.7 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0132...
Malicious code in @posthog/geoip-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ea0a6028390c3a43f98bcd7b2afa97a6f1fae311e31138717c69d610c4c8a2 The package @posthog/geoip-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198946
Malicious code in @posthog/geoip-plugin npm...
MAL-2025-190879 Malicious code in @posthog/geoip-plugin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 52ea0a6028390c3a43f98bcd7b2afa97a6f1fae311e31138717c69d610c4c8a2 The package @posthog/geoip-plugin was found to contain malicious code. Source: google-open-source-security...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Improper Certificate Validation
org.opensearch.dataprepper.plugins:geoip-processor is vulnerable to Improper Certificate Validation. The vulnerability is due to the use of deprecated "SSL" when creating SSL contexts, which allows an attacker to potentially force negotiation of outdated and insecure SSL protocols, increasing the...
[SECURITY] Fedora 43 Update: suricata-7.0.13-1.fc43
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
[SECURITY] Fedora 42 Update: suricata-7.0.12-1.fc42
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. This new Engine supports Multi-threading, Automatic...
GHSA-3XGR-H5HQ-7299 GeoIP processor disables SSL certificate validation when downloading databases
Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...
GeoIP processor disables SSL certificate validation when downloading databases
Impact The GeoIP processor in Data Prepper was configured to trust all SSL certificates and disable hostname verification when downloading GeoIP databases from HTTP URLs, making downloads vulnerable to man-in-the-middle attacks. The GeoIP processor included a custom SSL implementation that...