GHSA-GG64-XXR9-QHJP Gogs's update .git/config file allows remote command execution

Summary Due to the insufficient patch for the https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7, it's still possible to update files in the .git directory and achieve remote command execution. Details Function UpdateRepoFile security check under some if conditions. While...

SUSE CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVE-2025-34197

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

CVE-2025-34197

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 VA and SaaS deployments contain an undocumented local user account named ubuntu with a preset password and a sudoers entry granting that account passwordless root privileges ubuntu...

Linux Distros Unpatched Vulnerability : CVE-2017-1000600

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to ...

Linux Distros Unpatched Vulnerability : CVE-2024-8445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash...

PT-2023-30450 · Unknown · Gladys Assistant

Name of the Vulnerable Software and Affected Versions: Gladys Assistant versions prior to 4.27.0 Description: The issue allows authenticated attackers to extract sensitive files from the host machine due to a Directory Traversal problem. The patch for this problem was found to be incomplete...

SUSE CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 CVE-2004-0888 is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities...

CVE-2022-28730

A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce...

mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)

Multiple flaws were found in the way the mysqldsafe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

DSA-3323-1 icu - security update

Bulletin has no description...

USN-2363-2 bash vulnerability

USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tavis Ormandy discovered that the security fix for...

Bash Botnet Exploit Found, Bash Patches Incomplete

The urgency to patch systems against the Bash zero-day vulnerability has been cranked to 10 after reports of an exploit in the wild have been made public by AusCERT, the Computer Emergency Response Team of Australia. This seems to reflect a similar finding posted by a researcher who goes by the...

CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 CVE-2004-0888 is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities...

CVE-2005-0206

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 CVE-2004-0888 is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities...