24 matches found
CVE-2026-45149
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...
Security update for yq
This update for yq fixes the following issues: CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction (bsc#1241719). CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML...
ROS-20251223-7304
A vulnerability in PackageKit is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
EUVD-2021-1514
Malware in sbrugna...
ROS-20250806-08
A vulnerability in the MongoDB database management system server is related to excessive iteration. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The MongoDB database management system vulnerability is related to the fact that the software stor...
CVE-2025-53538
CVE-2025-53538 affects Suricata (IDS/IPS/NSM engine by OISF) in versions 7.0.10 and earlier and 8.0.0-beta1 through 8.0.0-rc1. The root cause is mishandling of data on HTTP/2 stream 0, causing uncontrolled memory usage and loss of visibility. The issue scores as CVSS v3.1/7.5 (HIGH) with NETWORK ...
TencentOS Server 3: bind9.16 (TSSA-2023:0198)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0198 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Ubuntu: Security Advisory (USN-7529-1)
The remote host is missing an update for the...
Advisory ROSA-SA-2025-2869
Software: libxslt 1.1.28 OS: rosa-server79 packageevrstring: libxslt-1.1.28-6.0.1.1.res7 CVE-ID: CVE-2024-55549 BDU-ID: 2025-03641 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the xsltGetInheritedNsList function of the libxslt library is related to memory usage after it has been freed...
Important: amazon-cloudwatch-agent
Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...
ROS-20250424-09
The vulnerability in the Google Chrome and Microsoft Edge browsers is related to the possibility of using memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information...
openSUSE Security Advisory (SUSE-SU-2025:1356-1)
The remote host is missing an update for the...
Azure Linux 3.0 Security Update: erlang (CVE-2025-30211)
The version of erlang installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30211 advisory. - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.1...
CVE-2025-29786
CVE-2025-29786 concerns the Expr expression parser (Go). Prior to 1.17.0, unbounded input can cause the parser to build an excessively large AST, leading to high memory usage or an OOM crash. The issue is mitigated by a patch in 1.17.0 that enforces node budget and memory limits during parsing. R...
Linux Distros Unpatched Vulnerability : CVE-2015-8978
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting ...
Linux Distros Unpatched Vulnerability : CVE-2019-14235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri...
Advisory ROSA-SA-2025-2751
Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 packageevrstring: libxml2-2.9.7-18.rv3.2 CVE-ID: CVE-2023-39615 BDU-ID: 2023-05968 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSAX2StartElement function of the libxml2 library is caused by a buffer overflow. Exploitation of the...
ROS-20250114-10
A vulnerability in the animation control and synchronization handler on web pages of the Mozilla Firefox and Firefox ESR browsers is related to the possibility of using memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting it into...
BIT-NODE-MIN-2021-22883
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unabl...
ROS-20241023-07
A vulnerability in the BufWinLeave function of the vim text editor is related to the use of memory after it has been freed (use-after-free). Exploitation of the vulnerability could allow an attacker to gain access to confidential information...