123 matches found
EulerOS 2.0 SP10 : libcap (EulerOS-SA-2025-1802)
According to the versions of the libcap package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: The PAM module pam_cap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not starting with @ ar...
Huawei EulerOS: Security Advisory for libcap (EulerOS-SA-2025-1706)
The remote host is missing an update for the Huawei EulerOS...
BIT-OPENRESTY-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request...
CVE-2025-52939 Potential heap-buffer overflow vulnerability in NotepadNext
Out-of-bounds Write vulnerability in dail8859 NotepadNext src/lua/src modules. This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11...
CVE-2022-50035
CVE-2022-50035 affects the Linux kernel DRM AMDGPU path. The issue is a use-after-free in amdgpu_bo_list mutex handling caused by double-unlocking of bo_list_mutex when amdgpu_cs_vm_handling returns non-zero, which can lead to a refcount underflow (as shown in the trace). The vulnerability is dem...
PT-2025-25943 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A refcount leak bug has been identified in the Linux kernel, specifically in the mips: cavium-octeon module. The issue arises from a missing of_node_put() call for the reference 'uctl...
PT-2025-25883
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the kcm module. The issue involved the incorrect ordering of the strp_init() function call, which led to unnecessary...
TencentOS Server 3: python3 (TSSA-2024:0517)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0517 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-48902
Vulnerability of uncontrolled system resource applications in the setting module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-4138
CVE-2025-4138 affects Python’s tarfile module when using TarFile.extractall() or TarFile.extract() with filter='data' or 'tar'. The extraction filter can be bypassed, allowing symlink targets to point outside the destination directory and enabling modification of some file metadata. This issue is...
CVE-2022-30475
Tenda AC Series Router AC18V15.03.05.196318 was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request...
CVE-2020-1829
Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memor...
CVE-2019-17308
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...
CVE-2010-3686
The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider...
CVE-2012-5801
The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the...
CVE-2012-2719
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, ak...
CVE-2009-2291
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors...
PT-2025-22164 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the dm module. The issue occurred when the dm_split_args() function copied data from the old argv array to the argv arra...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1217)
The remote host is missing an update for the Huawei EulerOS...
Alibaba Cloud Linux 3 : 0111: python3 (ALINUX3-SA-2024:0111)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0111 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-6597: An issue was found in the...