18 matches found
MiracleLinux 8 : flatpak-1.10.8-1.el8 (AXSA:2023-7197:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7197:04 advisory. flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (CVE-2023-28100); flatpak: Metadata with ANSI control codes can...
CVE-2022-35000
JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c...
EUVD-2020-6661
Malware in sbrugna...
OESA-2025-2110 aide security update
Security Fixes: A vulnerability was found in AIDE up to 0.19.1 and classified as problematic. Using CWE to declare the problem leads to CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. Impacted is integrity. Upgrading to version 0.19.2 eliminates th...
CVE-2025-54656
UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...
CVE-2024-1333
The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting...
CVE-2024-12400
The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2020-36827
The XAO::Web module before 1.84 for Perl mishandles characters in JSON output during use of json-embed in Web::Action...
CVE-2020-26283
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...
ROS-20250402-04
Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information A...
PT-2025-54191
Name of the Vulnerable Software and Affected Versions: Composer versions prior to 2.2.26; Composer versions prior to 2.9.3. Description: Composer, a dependency manager for PHP, may allow attackers who control remote sources from which Composer downloads to inject ANSI control characters into the...
AZL-42019 CVE-2024-34459 affecting package libxml2 for versions less than 2.10.4-3
An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...
PT-2023-7767 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI (affected versions not specified). Description: The issue is related to the send to nls.php script in Nagios XI, which improperly handles log output. This could allow an attacker to disclose protected information and elevate their...
SUSE: Security Advisory (SUSE-SU-2014:0475-1)
The remote host is missing an update for the...
CVE-2021-23900
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations...
Multiple vulnerabilities in H2O
Overview: H2O is an open source web server software. H2O contains multiple vulnerabilities listed below. A Denial-of-service (DoS) due to a flaw in processing HTTP/1 header (CWE-20) - CVE-2017-10868; Stack-based buffer overflow (CWE-121) - CVE-2017-10869; A Denial-of-service (DoS) due to a flaw in outputtin...
CVE-2004-1773
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar...
nCipher Advisory #10: Pass phrases are exposed in netHSM log files
nCipher Security Advisory No. 10: Pass phrases are exposed in netHSM log files. SUMMARY: Pass phrases entered by means of the nCipher netHSM front panel, either using the built-in thumbwheel or using a...