12 matches found
SUSE-SU-2025:03524-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: - CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: - go74822 cmd/go: 'ge...
UBUNTU-CVE-2024-53566
An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...
Sangoma Technologies Asterisk security vulnerability
Sangoma Technologies Asterisk is a suite of open source telephone switch (PBX) system software from Canadian company Sangoma Technologies. The software supports voicemail, multi-party voice conferencing, interactive voice response (IVR), and more. A security vulnerability exists in Sangoma Technologi...
PT-2023-17411
Name of the Vulnerable Software and Affected Versions: Shopware 6 versions 6.4.20.0 through 6.4.20.0; Shopware 6 versions 6.5.0.0-rc1 through 6.5.0.0-rc4. Description: The issue allows remote attackers with access to a Twig environment without the Sandbox extension to bypass validation checks and...
Code injection
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll...
CVE-2022-41964 BigBlueButton contains Response leaks in anonymous polls
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll...
PYSEC-2020-335
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
PYSEC-2020-300
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
PYSEC-2020-141
In TensorFlow release candidate versions 2.4.0rc, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel...
DEBIAN-CVE-2016-10742
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter...
CVE-2018-5490
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release...
PT-2012-5480 · Google · Google Web Toolkit
Name of the Vulnerable Software and Affected Versions: Google Web Toolkit (GWT) versions 2.4 Beta through 2.4.0 release candidates. Description: The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. Recommendations: For...