MiracleLinux 8 : java-11-openjdk-11.0.13.0.8-1.el8 (AXSA:2021-2492:13)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2492:13 advisory. OpenJDK: Loop in HttpsServer triggered during TLS session close JSSE, 8254967 CVE-2021-35565 OpenJDK: Incorrect principal selection when using...

EUVD-2023-2204

Malicious code in bioql PyPI...

EUVD-2022-4817

Malicious code in bioql PyPI...

AlmaLinux 9 : php:8.2 (ALSA-2025:7432)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7432 advisory. php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decod...

AlmaLinux 9 : gimp (ALSA-2025:9162)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:9162 advisory. gimp: Multiple use after free in XCF parser CVE-2025-48798 gimp: Multiple heap buffer overflows in TGA parser CVE-2025-48797 gimp: GIMP ICO File Parsing...

Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: Multiple...

TencentOS Server 3: expat (TSSA-2022:0042)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0042 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2023-26479

XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages becomes unusable, including the user index if the page containing the faulty content is a user page and t...

ALSA-2025:7418 Important: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 php: Streams HTTP wrapper...

php: Header parser of http stream wrapper does not handle folded headers

A flaw was found in PHP. This vulnerability allows misinterpretation of HTTP response headers, potentially leading to incorrect usage of headers, MIME types, and other response attributes via incorrect parsing of folded headers in the HTTP request module...

Moderate: php:8.1 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

[SECURITY] [DLA 4041-1] python-aiohttp security update

Debian LTS Advisory DLA-4041-1 [email protected] https://www.debian.org/lts/security/ Jochen Sprickerhof February 03, 2025 https://wiki.debian.org/LTS Package : python-aiohttp Version : 3.7.4-1+deb11u1 CVE ID : CVE-2023-47627 CVE-2023-47641 CVE-2023-49081 CVE-2023-49082 CVE-2024-23334...

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2025-1063)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have sam...

gstreamer1-plugins-good -- multiple vulnerabilities

The GStreamer Security Center reports: 20 security bugs. CVE-2024-47537: Integer overflow in MP4/MOV sample table parser leading to out-of-bounds writes CVE-2024-47598: MP4/MOV sample table parser out-of-bounds read CVE-2024-47539: MP4/MOV Closed Caption handling out-of-bounds write CVE-2024-4754...

python-aiohttp: numerous issues in HTTP parser with header parsing

An HTTP request smuggling vulnerability was found in aiohttp. Numerous issues with HTTP parsing can allow an attacker to smuggle HTTP requests...

SUSE-SU-2023:2320-1 Security update for wireshark

This update for wireshark fixes the following issues: Updated to version 3.6.14: - CVE-2023-2855: Fixed a crash in the Candump log file parser boo1211703. - CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser boo1211707. - CVE-2023-2857: Fixed a crash in the BLF file parser boo1211705....

SUSE CVE-2006-4331

Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark formerly Ethereal 0.99.2 allow remote attackers to cause a denial of service crash via unspecified vectors...

MGASA-2022-0344 Updated firefox packages fix security vulnerabilities

When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead CVE-2022-40956. By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus...

PT-2020-4628 · Apache +1 · Apache Tika +1

Name of the Vulnerable Software and Affected Versions: Apache Tika versions prior to 1.24.1 Description: A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParse...

SUSE-SU-2020:0424-1 Security update for rsyslog

This update for rsyslog fixes the following issues: Security issues fixed: - CVE-2019-17041: Fixed a heap overflow in the parser for AIX log messages bsc1153451. - CVE-2019-17042: Fixed a heap overflow in the parser for Cisco log messages bsc1153459. Non-security issues fixed: - Handle multiline...