39 matches found
EUVD-1999-0358
Malware in sbrugna...
CVE-2025-54956
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request...
CVE-2025-54956
CVE-2025-54956 affects the R package gh (pre-1.5.0). The vulnerability arises when an HTTP response is constructed to include the request’s Authorization header, potentially exposing credentials. Several connected advisories confirm the issue and provide mitigations: Debian LTS DLA-4378-1 notes a...
MAL-2025-6402 Malicious code in assetdash-og-new (npm)
CVE-2025-49809 affecting package mtr for versions less than 0.95-3
CVE-2025-49809 affecting package mtr for versions less than 0.95-3. A patched version of the package is available...
CVE-2024-53203 affecting package kernel for versions less than 6.6.90.1-1
CVE-2024-53203 affecting package kernel for versions less than 6.6.90.1-1. A patched version of the package is available...
CVE-2025-32912 affecting package libsoup for versions less than 3.0.4-7
CVE-2025-32912 affecting package libsoup for versions less than 3.0.4-7. A patched version of the package is available...
MGASA-2025-0173 Updated glib2.0 packages fix security vulnerability
Buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar. CVE-2025-4373...
Debian: Security Advisory (DLA-4186-1)
The remote host is missing an update for the Debian...
CVE-2025-21859 affecting package kernel for versions less than 5.15.179.1-1
CVE-2025-21859 affecting package kernel for versions less than 5.15.179.1-1. A patched version of the package is available...
CVE-2024-56651 affecting package kernel for versions less than 6.6.76.1-1
CVE-2024-56651 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2020-5259
In affected versions of dojox NPM package, the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or...
CVE-2024-56728 affecting package kernel for versions less than 6.6.64.2-1
CVE-2024-56728 affecting package kernel for versions less than 6.6.64.2-1. An upgraded version of the package is available that resolves this issue...
Mageia: Security Advisory (MGASA-2024-0397)
The remote host is missing an update for the...
GHSA-995X-33WQ-8GC9 cycle-import-check vulnerable to Command Injection
The package cycle-import-check before version 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization...
CVE-2022-38885
The d8s-netstrings for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
CVE-2020-28424
This affects all versions of package s3-kilatstorage...
MGASA-2022-0248 Updated ruby-git packages fix security vulnerability
Command Injection via git argument injection CVE-2022-25648...
MGASA-2022-0227 Updated docker-containerd packages fix security vulnerability
A bug was found in containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the 'ExecSync' API. CVE-2022-31030...