CVE-2025-24970
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead...
Azure Linux 3.0 Security Update: golang / python-tensorboard (CVE-2021-29923)
The version of golang / python-tensorboard installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-29923 advisory. - Go before 1.17 does not properly consider extraneous zero characters at the beginning o...
Azure Linux 3.0 Security Update: kernel (CVE-2024-49982)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49982 advisory. - In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free...
EulerOS 2.0 SP11 : curl (EulerOS-SA-2025-1151)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1170)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...
Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent (CVE-2024-25629)
The version of c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25629 advisory. - c-ares is a C library for asynchronous DNS requests...
Azure Linux 3.0 Security Update: application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector (CVE-2021-44716)
The version of application-gateway-kubernetes-ingress / cf-cli / cri-o / csi-driver-lvm / golang / keda / moby-engine / node-problem-detector installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44716...
Azure Linux 3.0 Security Update: mariadb (CVE-2023-6937)
The version of mariadb installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6937 advisory. - wolfSSL prior to 5.6.6 did not check that messages in one DTLS record do not span key boundaries. As a resul...
CVE-2022-26388
CVE-2022-26388 affects Hillrom Welch Allyn ELI resting electrocardiographs: ELI 380 (versions ≤ 2.6.0), ELI 280/BUR280/MLBUR 280 (≤ 2.3.1), ELI 250c/BUR 250c (≤ 2.1.2), and ELI 150c/BUR 150c/MLBUR 150c (≤ 2.2.0). Root cause is a hard-coded password used for inbound authentication or outbound comm...
AWS VDP: Amazon Comprehend Medical Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints
The Comprehend Medical service was found to have 8 API endpoints that incorrectly reported the user-agent and network information as "AWS Internal" in CloudTrail event logs. This behavior was observed specifically for FIPS endpoints, which may have been an intentional design decision. The...
CVE-2022-47409
An issue was discovered in the fpnewsletter aka Newsletter subscriber management extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations...
CVE-2024-2878
Summary (CVE-2024-2878): A DoS vulnerability in GitLab CE/EE affects all versions from 15.7 up to 16.9.7, 16.10 up to 16.10.5, and 16.11 up to 16.11.2. An attacker could cause service disruption by crafting unusual branch-name search terms. Impact: availability loss as described in the sources. ...
CVE-2024-3976
CVE-2024-3976 affects GitLab CE/EE, with an issue that allowed disclosure of the title and description of confidential issues from public projects to unauthorized users via the UI. Impacted versions are: 14.0–16.9.7, 16.10–16.10.5, and 16.11–16.11.2. The root cause is described as missing/incorre...
CVE-2024-1539
GitLab EE/CE vulnerability CVE-2024-1539 affects GitLab versions: 15.2 up to 16.9.7 (excluding 16.9.7), 16.10 up to 16.10.5 (excluding 16.10.5), and 16.11 up to 16.11.2 (excluding 16.11.2). The issue allows a banned group member to receive issue updates via the API. Root cause and explicit exploi...
CVE-2023-6386
GitLab CE/EE is affected by CVE-2023-6386. A denial-of-service arises from allocation of resources without limits/throttling, impacting all versions 15.11 up to but not including 16.6.7, 16.7 up to but not including 16.7.5, and 16.8 up to but not including 16.8.2. Remediation is to upgrade to fix...
Connecting To Cloud Via a PVS Wizard Results In Grey Screen During Authentication
When attempting to authenticate to the Cloud SDK, you see a grey screen but no option to log on...
CVE-2024-13396
The Frictionless plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'frictionlessform' shortcodes in all versions up to, and including, 0.0.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2022-1736
CVE-2022-1736 affects Ubuntu systems where the gnome-control-center configuration allowed Remote Desktop Sharing to be enabled by default. The root cause is the gnome-control-center setup permitting RDP sharing to be active upon login, resulting in potential unauthorized remote access with high i...
CVE-2022-1736
Ubuntu's configuration of gnome-control-center allowed Remote Desktop Sharing to be enabled by default...
CVE-2020-11936
CVE-2020-11936 affects the Ubuntu Apport component. The issue is a gdbus setgid privilege escalation caused by Apport dropping privileges incorrectly when making certain D-Bus calls, enabling a local attacker to read arbitrary files and potentially escalate privileges. The Ubuntu advisory USN-444...