openSUSE 16 Security Update : git-bug (openSUSE-SU-2025-20143-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025-20143-1 advisory. Changes in git-bug: - Revendor to include fixed version of depending libraries: - GO-2025-4116 CVE-2025-47913, bsc1253506 upgrade...
org.eclipse.jgit: XXE vulnerability in Eclipse JGit
A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...
EUVD-2016-1662
Malware in sbrugna...
EUVD-2004-0401
Malware in sbrugna...
EUVD-2024-33858
Malicious code in bioql PyPI...
EUVD-2022-1513
Malicious code in bioql PyPI...
EUVD-2024-47132
Malicious code in bioql PyPI...
EUVD-2022-2787
Malicious code in bioql PyPI...
EUVD-2022-7316
Malicious code in bioql PyPI...
EUVD-2022-2244
Malicious code in bioql PyPI...
CVE-2025-47241
In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component...
Amazon Linux 2 : docker (ALASNITRO-ENCLAVES-2025-057)
The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-057 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could...
CVE-2025-1211
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by the URI built-in module and hackney. Given the URL http://[email protected]/, the URI function will parse and see the host as 127.0.0.1 which is correct, and hackney...
EulerOS 2.0 SP10 : python3 (EulerOS-SA-2025-1027)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822...
PT-2024-40083 · Symfony +2
Name of the Vulnerable Software and Affected Versions: Symfony versions prior to the latest version. Description: The issue concerns XML Entity Expansion (XEE) attacks, which can lead to Denial of Service attacks against a host's RAM. This is due to the lack of a method to disable custom entities in...
CVE-2023-45290
When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...
CLSA-2023-1692817457 Fix CVE(s): CVE-2023-3823, CVE-2023-3824
SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 SECURITY UPDATE: buffer mismanagement in phar_dir_read - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanagement in...
golang: regexp/syntax: limit memory used by parsing regexps
A flaw was found in the golang package, where programs that compile regular expressions from untrusted sources are vulnerable to memory exhaustion or a denial of service. The parsed regexp representation is linear in the input size. Still, in some cases, the constant factor can be as high as...
CVE-2019-14382
DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs...
CURL-CVE-2016-8624 invalid URL parsing with '#'
curl does not parse the authority component of the URL correctly when the host name part ends with a hash character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use a URL parser that follows the RFC to check for allowed...