squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

Improper Resource Shutdown or Release

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to the delayed cleaning of multipart upload temporary files. An attacker can cause a...

squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling

A Information Disclosure vulnerability has been identified in the Squid web caching proxy. This flaw occurs when the application fails to properly redact sensitive Hypertext Transfer Protocol HTTP authentication credentials from an error response. A remote client can exploit this by triggering an...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-38547)

media: atomisp: sshcss: null-pointer dereference in loadvideobinaries. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503608; scriptversion"1.2";...

[SECURITY] Fedora 42 Update: perl-YAML-Syck-1.36-1.fc42

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

[SECURITY] Fedora 41 Update: perl-YAML-Syck-1.36-1.fc41

This module provides a Perl interface to the libsyck data serialization library. It exports the Dump and Load functions for converting Perl data structures to YAML strings, and the other way around...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in DisposalDaemon.java. In high-core environments under heavy load, the disposal thread can fall behind and allow excessive memory use. Note This issue was reported for environments...

OESA-2025-2492 qt5-qtimageformats security update

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats. Security Fixes: When...

CVE-2025-11866

The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes w, h, rawcss, look, etc. in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitizing user input or escaping output when inserting thes...

SUSE CVE-2022-50571

In the Linux kernel, the following vulnerability has been resolved: btrfs: call btrfsremovefreespacecachelocked on cache load failure Now that lockdep is staying enabled through our entire CI runs I started seeing the following stack in generic/475 ------------ cut here ------------ WARNING: CPU:...

DEBIAN-CVE-2025-62611

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

UBUNTU-CVE-2025-62611

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

CVE-2025-62611

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

CVE-2025-62611

Summary: CVE-2025-62611 affects the aiomysql Python library used to access MySQL from asyncio. Prior to version 0.3.0, client-side settings are not validated before sending local files to the server, enabling a rogue MySQL server to request arbitrary client files via a LOAD_LOCAL packet. This vul...

CVE-2025-62611 aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server

aiomysql is a library for accessing a MySQL database from the asyncio. Prior to version 0.3.0, the client-side settings are not checked before sending local files to MySQL server, which allows obtaining arbitrary files from the client using a rogue server. It is possible to create a rogue MySQL...

EUVD-2025-35613

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

CVE-2025-24934

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...

CVE-2025-24934 SO_REUSEPORT_LB breaks connect(2) for UDP sockets

Software which sets SOREUSEPORTLB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect2 and implied connect v...