27 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : GitPython vulnerabilities (USN-8303-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8303-1 advisory. Santos Gallegos discovered that GitPython did not properly validate paths when...
USN-8051-2 libssh vulnerabilities
USN-8051-1 fixed vulnerabilities in libssh. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly...
EUVD-2014-0259
Malware in sbrugna...
EUVD-2018-11890
Malware in sbrugna...
EUVD-2022-53014
Malicious code in bioql PyPI...
EUVD-2022-1482
Malicious code in bioql PyPI...
CVE-2025-46334 Git GUI malicious command injection on Windows
Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable always includes...
PT-2023-8023
Name of the Vulnerable Software and Affected Versions: Linux Mint Xreader (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this issue, where the target...
Important: php8.1
Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
SUSE-SU-2022:3326-1 Security update for go1.19
This update for go1.19 fixes the following issues: Update to go version 1.19.1 (bsc#1200441): - CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185). - CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#12031...
openSUSE: Security Advisory for permissions (openSUSE-SU-2021:1520-1)
The remote host is missing an update for the...
CVE-2021-37364
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe or tomcat8.exe files located in bin folders and replace with a malicious file that would...
CVE-2021-37364
OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has modify permission to openclinic folders/files, enabling a low-privilege account to rename binaries (mysqld.exe or tomcat8.exe) in bin folders and substitute a malicious file that connects back...
CVE-2021-37363
CVE-2021-37363 affects Gestionale Open 11.00.00. The vulnerability is described as an insecure permissions issue where a low-privilege account can rename the mysqld.exe in the bin folder and replace it with a malicious file that can connect back to an attacker, gaining system-level privileges bec...
OPENSUSE-SU-2020:1539-1 Security update for openldap2
This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). This update was imported from the SUSE:SLE-15:Update update project...
CVE-2020-10733
The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add fil...
SUSE-SU-2020:14290-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR (bsc#1163368). Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process (bsc#1163368). - CVE-2020-6798: Fixed a JavaScript code injection issue caused ...
SUSE-SU-2020:0063-1 Security update for nodejs10
This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field (bsc#1159352). - Added support for chacha20-poly1305 for Authenticated...
SUSE-SU-2019:2307-1 Security update for util-linux and shadow
This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su were being ignored (bsc#1121197). - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). -...