SUSE-SU-2025:0328-1 Security update for clamav
This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. - Start clamonacc with --fdpass to avoid errors due to clamd not being able to...
Important: Red Hat Security Advisory: kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 security update
An update for kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...
CVE-2024-54103
Technical details about CVE-2024-54103 are not publicly available in the provided documents. No explicit affected products, versions, root cause, or remediation are disclosed here. Monitor for updates from Huawei and security advisories.
CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui
parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process. The XSS vulnerability allows attackers to embed malicious JavaScript code within SVG files, which is executed upo...
Moderate: Red Hat Security Advisory: python3.11-urllib3 security update
An update for python3.11-urllib3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : python39:3.9 (RHSA-2024:6915)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6915 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a data security classification hierarchy vulnerability in the module. Successful...
CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload...
CVE-2022-42234
There is a file inclusion vulnerability in the template management module in UCMS 1.6...
SUSE: Security Advisory (SUSE-SU-2019:2707-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
OPENSUSE-SU-2020:1326-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: - update to 10.14: CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers. CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure...
Node.js third-party modules: [gfc] Command Injection via insecure command formatting
I would like to report a Command Injection issue in the gfc module. It allows executing arbitrary commands on the victim's PC. Module: name: gfc, version: 2.0.2, npm page: https://www.npmjs.com/package/gfc. Module Description: Simple way to initialize a new git repository in an empty directory...
Important: Red Hat Security Advisory: kpatch-patch security update
An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
SUSE-SU-2019:3213-1 Security update for apache2-mod_perl
This update for apache2-mod_perl fixes the following issues: Security issue fixed: - CVE-2011-2767: Fixed a vulnerability which could have allowed perl code execution in the context of the user account (bsc#1156944). Other issue addressed: - Restore process name after sv_setpv_mg call (bsc#1091625)...
cn.dceast.platform:platform-security-starter (=2.2.3), com.ahome-it:ahome-tooling-server-core (>=1.0.83-RC1 <=1.0.114-RELEASE) +45 more potentially affected by CVE-2019-11272 via org.springframework.security:spring-security-cas (>=3.1.0.RELEASE <=4.1.3.RELEASE)
org.springframework.security:spring-security-cas MAVEN version =3.1.0.RELEASE, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.0, =0.3.1, =0.3.1, =0.3.2 and more Source cves: CVE-2019-11272 Source advisory: OSV:GHSA-V33X-PRHC-GPH5...
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
Code injection
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid. To do this, uri-js uses a regular expression. This regular expression is vulnerable to ReDoS. This causes the program to hang and the CPU to idle at 100%...
CVE-2017-6087
EyesOfNetwork "EON" 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selectedevents parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functions.php or the (4) module parameter to module/index.php...
MGASA-2017-0009 Updated subversion packages fix security vulnerability
Subversion's mod_dontdothat module and clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount o...
MGASA-2015-0254 Updated apache-mod_jk package fixes security vulnerability
An information disclosure flaw due to incorrect JkMount/JkUnmount directives processing was found in the Apache 2 module mod_jk used to forward requests from the Apache web server to Tomcat. A JkUnmount rule for a subtree of a previous JkMount rule could be ignored. This could allow a remote attacker t...