Advisory ROSA-SA-2025-2986
software: spdlog 1.8.5 OS: ROSA-CHROME unaffected versions = spdlog-1.8.5-2 affected versions spdlog-1.8.5-2 CVE-ID: CVE-2025-6140 BDU-ID: None CVE-Crit: LOW CVE-DESC.: A vulnerability in spdlog causes excessive resource consumption when running the scoped_padder function in pattern_formatter-inl.h,...
CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it...
RHEL 7 : openstack-ceilometer (RHSA-2019:0580)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0580 advisory. OpenStack Telemetry ceilometer collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for da...
Input validation
ffcss is a CLI interface to apply and configure Firefox CSS themes. Prior to 0.2.0, the function lookupPreprocess is meant to apply some transformations to a string by disabling characters in the regex - .. However, due to the use of late Unicode normalization of type NFKD, it is possible to bypa...
OpenSSL Recent Security Patches
Summary: For the vulnerabilities disclosed in the OpenSSL Security Advisories of OpenSSL 3.0.11 (Tuesday 19th September 2023) and OpenSSL 3.0.12 (Tuesday 24th October 2023), Node.js Windows is affected by one vulnerability rated as LOW. Therefore, these patches will be...
PYSEC-2023-103
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
RHEL 9 : swtpm (RHSA-2022:8100)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8100 advisory. SWTPM is a TPM emulator built on libtpms providing TPM functionality for QEMU VMs. Security Fixes: swtpm: Unchecked header size indicator against...
Intel® EMA Software Advisory
Summary: A potential security vulnerability in the Intel® Endpoint Management Assistant (EMA) software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-30297 Description: Cross-site scripting in t...
RHEL 8 : 389-ds:1.4 (RHSA-2021:3906)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3906 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server an...
RHEL 7 : patch (RHSA-2019:2033)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:2033 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes...
RHEL 6 : kernel (RHSA-2012:1589)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:1589 advisory. - kernel: unfiltered netdev rio_ioctl access by users (CVE-2012-2313) Note that Nessus has not tested for this issue but has instead relied only on the...
RHEL 6 : php-pecl-apc (RHSA-2012:0811)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0811 advisory. - php-pecl-apc: potential XSS in apc.php CVE-2010-3294 Note that Nessus has not tested for this issue but has instead relied only on the application'...
RHEL 5 : vixie-cron (RHSA-2012:0304)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2012:0304 advisory. - vixie-cron, cronie: Race condition by setting timestamp of user's crontab file, when editing the file CVE-2010-0424 Note that Nessus has not tested...
RHEL 5 : krb5 (RHSA-2012:0306)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0306 advisory. - krb5, krb5-appl: ftpd incorrect group privilege dropping MITKRB5-SA-2011-005 CVE-2011-1526 Note that Nessus has not tested for this issue but has...
RHEL 6 : sos (RHSA-2011:1536)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2011:1536 advisory. Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based R...
Joomla! Component Kochsuite 0.9.4 - Remote File Inclusion
.: insecurity research team :. .advisory. 18.o8.2oo6 Affected Application: Kochsuite v0.9.4...