30 matches found
EulerOS Virtualization 2.10.1 : libssh (EulerOS-SA-2026-2027)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A malicious SCP server can send unexpected paths that could make the client application override local files outside of working...
Amazon Linux 2023 : golang-github-burntsushi-toml, golang-github-burntsushi-toml-devel (ALAS2023-2026-1751)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1751 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 Within HostnameError.Error, when constructing ...
Important: cni-plugins
Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...
Important: runc
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
Important: runfinch-finch
Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...
USN-8154-2: Django vulnerabilities
USN-8154-1 fixed vulnerabilities in Django. This update provides the corresponding updates for Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Original advisory details: Seokchan Yoon discovered that Django incorrectly handled copying memory when parsing multipart uploads with excessive whitespace. A remo...
📄 Open Babel 3.1.1 CIF File Memory Corruption
This Metasploit auxiliary module generates a crafted .cif file designed to test for memory corruption conditions in Open Babel version 3.1.1. By providing an excessive number of symmetry operations, it triggers a crash DoS during file parsing. The exact outcome depends on the target's build,...
ALSA-2026:3291 Important: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3136 (ALAS-2026-3136)
The version of golang installed on the remote host is prior to 1.24.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3136 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP...
Security update for go1.25
This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. CVE-2025-68119: cmd/go: unexpected code execution when invoking...
MiracleLinux 8 : ruby:3.0 (AXSA:2022-3846:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3846:01 advisory. ruby: Regular expression denial of service vulnerability of Date parsing methods CVE-2021-41817 ruby: Cookie prefix spoofing in CGI::Cookie.parse...
MiracleLinux 8 : pcs-0.10.18-2.el8_10.1.ML.1 (AXSA:2024-8703:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8703:04 advisory. REXML: DoS parsing an XML with many s in an attribute value CVE-2024-35176 Tenable has extracted the preceding description block directly from the MiracleLin...
MiracleLinux 7 : rh-ruby26-ruby-2.6.9-120.el7 (AXSA:2022-3091:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3091:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...
CVE-2023-29013
Traefik pronounced traffic is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This...
EUVD-2020-23775
Malware in sbrugna...
EUVD-2020-23774
Malware in sbrugna...
EUVD-2018-0614
Malware in sbrugna...
EUVD-2023-26991
Malicious code in bioql PyPI...
USN-7645-1: PHP vulnerabilities
It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. CVE-2025-1217 It was discovered that PHP did not properly validate certain HTTP headers. An attack...
CVE-2025-7370
Rejected reason: Upon investigtion upstream maintainers discovered this was not a real issue. See the references for more details. See: https://gitlab.gnome.org/GNOME/libsoup/-/issues/430note2494090...