18 matches found
Security update for apptainer (important)
openSUSE security update: security update for apptainer. Announcement ID: openSUSE-SU-2026:20888-1; Rating: important; References: bsc1266656; Cross-References: CVE-2026-39821; CVSS scores: CVE-2026-39821 SUSE : 7.4...
OPENSUSE-SU-2026:20771-1 Security update for perl-YAML-Syck
This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - updated to 1.450.0 1.45 Bug Fixes - Fix: use syckbase64free to fix Windows "Free to wrong pool" crash in base64 encode/decode buffers; also plugs a memory leak PR 189 - Fix: clear type tag on blessed scalar...
Security update for cargo-auditable
This update for cargo-auditable fixes the following issues: Update to version 0.7.20. Security issues fixed: CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257906. Other updates and bugfixes: Update to version 0.7.20: mention cargo-dist...
EUVD-2024-0433
Malicious code in bioql PyPI...
java-21-openjdk security update for RHEL 8.10, 9.4 and 9.5
1:21.0.6.0.7-1.0.1 - Add Oracle vendor bug URL Orabug: 34340155 1:21.0.6.0.7-1 - Update to jdk-21.0.6+7 GA - Update release notes to 21.0.6+7 - Sync the copy of the portable & devkit specfiles with the latest update - Include the latest devkit patches - Update README.md to list an easier way of...
GHSA-V6F4-JWV9-682W class.upload.php allows cross-site scripting attacks via uploaded files
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...
class.upload.php allows cross-site scripting attacks via uploaded files
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...
CVE-2023-6551
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...
Cross site scripting
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...
CVE-2023-6551 Stored XSS in class.upload.php
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...
CVE-2023-6551 Stored XSS in class.upload.php
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide...
OS Command Injection in git-promise
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior vulnerability in this package. Note: Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. Credits @lirantal for discoveri...
MSTICPy January 2022 hackathon highlights
During the month of January 2022, the Microsoft Threat Intelligence Center (MSTIC) ran its inaugural hackathon for the open-source Jupyter and Python Security Tools library, MSTICPy. We asked the security community for their contributions to expand and improve MSTICPy’s features and capabilities, a...
nuclei-templates
This repository is a collection of templates for the nuclei engine, a tool used to find security vulnerabilities in applications. The templates are used to identify potential vulnerabilities and are contributed by both the project's team and the community. The repository contains various template...
nuclei-templates
This is a GitHub repository for a community-driven project called "Nuclei Templates". The project provides a collection of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various files and workflows for managing and updating the templates,...
openSUSE Security Update : gcc7 (openSUSE-2020-2301)
This update for gcc7 fixes the following issues : - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue bsc1172798 - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instruction...
SUSE-SU-2020:2455-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. - Do not install outdated README.SUSE bsc1174010. - Added tmpfiles.d for php-fpm to provide a base for a socket bsc1173786...
Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.11-alt1
3.0.11-alt1 built Sept. 5, 2019 Alexey Shabalin in task 237080 3.0.11-alt1 built Aug. 14, 2019 Sergey Y. Afonin in task 236018 Aug. 13, 2019 Sergey Y. Afonin - 3.0.11 CVE-2019-11356 fixed in 3.0.10 - updated README.ALT.rus...