
16590 matches found

Tenable Nessus
added 2025/05/14 12:0 a.m. | 18 views

Alibaba Cloud Linux 3 : 0023: httpd:2.4 (ALINUX3-SA-2022:0023)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0023 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-22720: Apache HTTP Server 2.4.52 and earli...

9.8 CVSS | 8.3 AI score | 0.28189 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 7 views

Alibaba Cloud Linux 3 : 0187: varnish:6 (ALINUX3-SA-2022:0187)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0187 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-45060: An HTTP Request Forgery issue was...

7.5 CVSS | 7.3 AI score | 0.00928 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

Alibaba Cloud Linux 3 : 0096: squid:4 (ALINUX3-SA-2021:0096)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0096 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-25097: An issue was discovered in Squid...

8.6 CVSS | 7.1 AI score | 0.08161 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. | 8 views

Alibaba Cloud Linux 3 : 0165: nodejs:14 (ALINUX3-SA-2022:0165)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0165 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-32212: An OS Command Injection...

8.1 CVSS | 7.2 AI score | 0.77278 EPSS
Exploits: 3 | References: 6

Tenable Nessus
added 2025/05/14 12:0 a.m. | 8 views

Alibaba Cloud Linux 3 : 0069: go-toolset:rhel8 (ALINUX3-SA-2021:0069)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0069 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-16276: Go before 1.12.10 and 1.13...

8.2 CVSS | 7.5 AI score | 0.83433 EPSS
Exploits: 6 | References: 10

Debian
added 2025/05/13 6:16 p.m. | 10 views

[SECURITY] [DSA 5918-1] varnish security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5918-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 13, 2025 https://www.debian.org/security/faq -...

6.8 AI score
Exploits: 0

Tenable Nessus
added 2025/05/13 12:0 a.m. | 4 views

Debian dsa-5918 : libvarnishapi-dev - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5918 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5918-1 [email protected] https://www.debian.org/security/ Moritz...

5.6 AI score
Exploits: 0 | References: 2

The Hacker News
added 2025/05/12 2:3 p.m. | 25 views

ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a...

9.4 CVSS | 8.4 AI score | 0.00815 EPSS
Exploits: 0

RedhatCVE
added 2025/05/09 6:8 p.m. | 5 views

CVE-2025-20196

A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS) condition. This...

5.3 CVSS | 7.1 AI score | 0.00359 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/09 6:8 p.m. | 11 views

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

8.3 CVSS | 6.8 AI score | 0.00294 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/05/09 12:22 p.m. | 8 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]

Summary Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...

7.5 CVSS | 4.5 AI score | 0.00738 EPSS
Exploits: 1 | Affected Software: 1

Exploit DB
added 2025/05/09 12:0 a.m. | 326 views

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation Date: 2025-05-7 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Affected: Versions All versions of OttoKit SureTriggers ≤ 1.0.82. Conditions for Exploitation The vulnerability can be exploited under the followin...

9.8 CVSS | 7.1 AI score | 0.50191 EPSS
Exploits: 3

Tenable Nessus
added 2025/05/09 12:0 a.m. | 8 views

SUSE SLES12: libsoup-2_4-1 / libsoup-2_4-1-32bit / libsoup-devel / libsoup-lang / etc (SUSE-SU-2025:1518-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1518-1 advisory. - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer...

8.4 CVSS | 7.1 AI score | 0.00933 EPSS
Exploits: 3 | References: 34

OSV
added 2025/05/08 7:35 p.m. | 1 views

SUSE-SU-2025:1518-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed...

8.4 CVSS | 7.1 AI score | 0.00933 EPSS
Exploits: 3 | References: 23

Veracode
added 2025/05/08 7:26 a.m. | 11 views

Rego Code Injection

github.com/open-policy-agent/opa is vulnerable to Rego code injection. The vulnerability is due to unsanitized HTTP request paths being used to construct Rego queries during policy evaluation, allowing attackers to inject Rego code...

7.4 CVSS | 6.8 AI score | 0.0036 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/05/08 5:43 a.m. | 9 views

BIT-MASTODON-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

7.5 CVSS | 7.5 AI score | 0.00458 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/05/08 12:0 a.m. | 8 views

Tenable Sensor Proxy < 1.2.0 Multiple Vulnerabilities (TNS-2025-08)

According to its self-reported version, the Tenable Sensor Proxy running on the remote host is less than 1.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-08 advisory. - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. CVE-2019-162...

7.5 CVSS | 7.4 AI score | 0.05966 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2025/05/08 12:0 a.m. | 7 views

Ubuntu 24.04 LTS / 24.10 / 25.04 : h11 vulnerability (USN-7503-1)

The remote Ubuntu 24.04 LTS / 24.10 / 25.04 host has a package installed that is affected by a vulnerability as referenced in the USN-7503-1 advisory. Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle...

9.1 CVSS | 7.6 AI score | 0.00522 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/05/07 5:36 p.m. | 16 views

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

8.3 CVSS | 0.00294 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/07 5:36 p.m. | 10 views

CVE-2025-20164

A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this...

8.3 CVSS | 8.2 AI score | 0.00294 EPSS
Exploits: 0 | References: 1