7 matches found
BIT-DISCOURSE-2026-33422 Discourse exposes ip_address of flagged user
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, the ipaddress of a flagged user is exposed to any user who can access the review queue, including users who should not be able to see IP addresses. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contai...
PT-2025-41771
Name of the Vulnerable Software and Affected Versions Uniweb/SoliPACS WebServer developed by EBM Technologies affected versions not specified Description A missing authentication issue exists in Uniweb/SoliPACS WebServer developed by EBM Technologies. This allows unauthenticated remote attackers ...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : Go vulnerabilities (USN-6038-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6038-2 advisory. USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and G...
Rocky Linux 9 : grafana-pcp (RLSA-2022:8250)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8250 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
AlmaLinux 9 : git-lfs (ALSA-2023:2357)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:2357 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...
Amazon Linux 2022 : golist (ALAS2022-2022-192)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-192 advisory. A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating chunked encoding. This issue could allow request smuggling, but only if combined with an...
Oracle Linux 8 : git-lfs (ELSA-2022-7129)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7129 advisory. 2.13.3-3 - Rebuild with new Golang - Resolves: rhbz2131795 Tenable has extracted the preceding description block directly from the Oracle Linux securit...