CVE-2026-23498
Shopware is an open commerce platform. From 6.7.0.0 to before 6.7.6.1, a regression of CVE-2023-2017 leads to an array and a crafted PHP Closure not being checked against the allow list for the map... override. This vulnerability is fixed in 6.7.6.1...
CVE-2025-62248
A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...
AZL-43170 CVE-2024-39884 affecting package httpd for versions less than 2.4.61-1
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example,...
Ubuntu 20.04 LTS : Varnish Cache regression (USN-5474-2)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5474-2 advisory. USN-5474-1 fixed vulnerabilities in Varnish Cache. Unfortunately the fix for CVE-2020-11653 was incomplete. This update fixes the problem. Tenable has extracted t...
UBUNTU-CVE-2021-3567
A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability...
Apple Opens Its Invite-Only Bug Bounty Program to All Researchers
As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago,...
glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)
It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes...
Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) regression (USN-3509-4)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3509-4 advisory. USN-3509-2 fixed vulnerabilities in the Linux Hardware Enablement kernel for Ubuntu 14.04 LTS. Unfortunately, it also introduced a regression that prevented the...
Ubuntu 14.04 LTS : Pillow regression (USN-3090-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3090-2 advisory. USN-3090-1 fixed vulnerabilities in Pillow. The patch to fix CVE-2014-9601 caused a regression which resulted in failures when processing certain png images. This...
Ubuntu 14.04 LTS : Django regression (USN-2915-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2915-2 advisory. USN-2915-1 fixed vulnerabilities in Django. The upstream fix for CVE-2016-2512 introduced a regression for certain applications. This update fixes the problem by...
Ubuntu 14.04 LTS : Linux kernel regression (USN-2643-2)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2643-2 advisory. The fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer...
Ubuntu 14.04 LTS : LibTIFF regression (USN-2553-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2553-2 advisory. USN-2553-1 fixed vulnerabilities in LibTIFF. One of the security fixes caused a regression when saving certain TIFF files with a Predictor tag. The problematic...
[SECURITY] [DSA 2831-2] puppet regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-2831-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 17, 2014 http://www.debian.org/security/faq -...
CVE-2011-4085
The CVE-2011-4085 description specifies an authentication bypass vulnerability in JBoss platforms where the servlets invoked by httpha-invoker (in JBoss EAP before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07) enforce access control only for GE...