19 matches found
Astra Linux - vulnerability in axis
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it might not have been obvious that using “ServiceFactory.getService” could allow for the use of potentially dangerous lookup mechanisms, such as LDAP. Passing untrusted input to this API method could expose the...
Tripp Lite Discontinued Devices Detection
The current plugin identifies Tripp Lite devices that are currently discontinued. Tripp Lite Lifecycle Statuses: - Active: Product is currently available and supported. - Discontinued: Product no longer manufactured or procured.
CVE-2023-40743
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...
EUVD-2024-1006
Malicious code in bioql PyPI...
EUVD-2025-7153
Malicious code in bioql PyPI...
EUVD-2024-0512
Malicious code in bioql PyPI...
EUVD-2024-0370
Malicious code in bioql PyPI...
EUVD-2023-2587
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release
Red Hat OpenShift Dev Spaces 3.21 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in...
CVE-2025-46392 Apache Commons Configuration: Uncontrolled Resource Consumption when loading untrusted configurations in 1.x
Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuratio...
CVE-2025-29980
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.7...
Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration
Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...
CVE-2024-27138
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...
CVE-2024-8372
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing. This issue affects AngularJS versions 1.3.0-rc.4 and...
Intel® FPGA SDK for OpenCL™ Software Technology Advisory
Summary: A potential security vulnerability in some Intel® FPGA SDK for OpenCL™ software technology may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for Intel® FPGA SDK for OpenCL™ software...
Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model
Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system. The company credit...
PT-2022-1770
Name of the Vulnerable Software and Affected Versions Apache Log4j versions 1.2.x Apache Log4j affected versions not specified Description The issue is related to the restoration of untrusted data in memory, which can allow a remote attacker to execute arbitrary code. It is also identified as a...
End of Life Announcement for the Citrix Receiver for Universal Windows Platform (UWP)
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Citrix Systems, Inc. announces the End of Life of the Citrix Receiver for Universal Windows Platform...
DSA-2819-1 iceape - several
Security support for Iceape, the Debian-branded version of the Seamonkey suite, needed to be stopped before the end of the regular security maintenance life cycle. We recommend migrating to Iceweasel for the web browser functionality and to Icedove for the e-mail bits. Iceweasel and Icedove are...