SUSE-SU-2025:0328-1 Security update for clamav
This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. - Start clamonacc with --fdpass to avoid errors due to clamd not being able to...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2025:0327-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0327-1 advisory. New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the...
SUSE SLES15 Security Update : clamav (SUSE-SU-2025:0325-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0325-1 advisory. New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a...
AI (Artificial Intelligence) - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-004
The AI logging sub-module enables you to log AI requests and responses for debugging and auditing purposes. The module doesn't sufficiently check for access to view the preview listing of the logs. Full log details are correctly protected, and API keys are never logged. This vulnerability is...
MGASA-2024-0307 Updated clamav packages fix security vulnerabilities
Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition. CVE-2024-20505 Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam'...
Fedora 39 : clamav (2024-05d7ee197e)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05d7ee197e advisory. Update to 1.0.7 CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with...
DRUPAL-CONTRIB-2024-039
This module provides Drupal with various security-hardening options, for example by emitting various configurable HTTP response headers. The module doesn't sufficiently validate input in Content Security Policy (CSP) violation reports. This can cause errors when a logging module, e.g. dblog or syslo...
Security Kit - Less critical - Denial of Service - SA-CONTRIB-2024-039
This module provides Drupal with various security-hardening options, for example by emitting various configurable HTTP response headers. The module doesn't sufficiently validate input in Content Security Policy (CSP) violation reports. This can cause errors when a logging module, e.g. dblog or syslo...
Huawei HarmonyOS Security Vulnerability
Huawei EMUI and Huawei HarmonyOS are both Huawei products. EMUI is a mobile operating system based on Android, and HarmonyOS is a distributed operating system developed by Huawei for all scenarios, aiming to realize intelligent interconnection and resource sharing among people, devices, an...
CVE-2023-34450 CometBFT PeerState JSON serialization deadlock
CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct PeerState is serialized to JSON introduced a deadlock when new function MarshallJSON is...
SUSE CVE-2018-11577
Liblouis 3.5.0 has a Segmentation fault in loulogPrint in logging.c...
Shopware Log Information Disclosure Vulnerability
Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware suffers from a log information disclosure vulnerability that stems from the logging module writing out all types of sent emails. An attacker with access to local system logs or a centralized log stor...
DEBIAN-CVE-2022-32746
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl...
Internet Bug Bounty: Format string implementation vulnerability, resulting in code execution
In a security audit of the sprintf implementation in perl version 5.24.1 I found a major security vulnerability; here are the full details. Timeline: 6th of May, 2017 - disclosure to the PERL security mailing list; 8th of May, 2017 - vulnerability confirmed by PERL's security group, found...
OracleVM 3.3 : python (OVMSA-2015-0098)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle Linux distribution in platform.py orabug 21288328 Keshav Sharma - Enable use of deepcopy with instance methods Resolves: rhbz1223037 - Since -libs now provide python-ordered dict, added...
httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation...
CVE-2012-4469
The CVE-2012-4469 issue affects Drupal with the Hashcash contributed module (6.x-2.x and 7.x-2.x branches). The vulnerability is a cross-site scripting (XSS) flaw that occurs when the site’s Hashcash setting “Log failed hashcash” is enabled and an invalid token is processed, allowing an attacker ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a...
mod_mylo for Apache mylo_log Logging Function HTTP GET Overflow
According to the banner, the remote host is using a vulnerable version of mylolog, a MySQL logging module for Apache. Such versions have a buffer overflow vulnerability which could result in arbitrary code execution. The overflow occurs after the server replied to...