19 matches found
osbuild-composer security update
149-6.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...
osbuild-composer security update
101.4-5.0.1 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size to 1GB Orabug: 36827079 - support for building OL8/9 images on Oracle Linu...
osbuild-composer security update
149-5.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...
osbuild-composer security update
101.4-3.0.1 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size to 1GB Orabug: 36827079 - support for building OL8/9 images on Oracle Linu...
Improper Access Control.
Weblate is vulnerable to improper access control. The vulnerability is due to insufficient validation of webhook payloads, which allows an attacker to craft malicious webhook requests and trigger unauthorized repository updates across multiple repositories...
CVE-2025-67492
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
PYSEC-2025-232
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
PYSEC-2025-232
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
CVE-2025-67492
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
CVE-2025-67492
CVE-2025-67492 affects Weblate prior to version 5.15, where a crafted webhook payload could trigger mass repository updates and component enumeration through an overly permissive webhook endpoint. The root cause is the webhook handling allowing unauthorized triggering across multiple repositories...
CVE-2025-67492 Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability...
Improper Validation of Syntactic Correctness of Input
Overview: Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input via the webhook endpoint. An attacker can enumerate components and trigger updates for multiple repositories by sending crafted webhook payloads. Workaround: This vulnerability can be...
GHSA-PJ86-258H-QRVF Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Impact: It was possible to trigger repository updates for many repositories via a crafted webhook payload. Patches: https://github.com/WeblateOrg/weblate/pull/17221 Workarounds: Disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability. References: Thanks to Hector Ruiz Ruiz & NaxusAI...
Weblate's over‑permissive webhook endpoint enables mass repository updates and component enumeration
Impact: It was possible to trigger repository updates for many repositories via a crafted webhook payload. Patches: https://github.com/WeblateOrg/weblate/pull/17221 Workarounds: Disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability. References: Thanks to Hector Ruiz Ruiz & NaxusAI...
EUVD-2007-4720
Malware in sbrugna...
Woodpecker input validation error vulnerability
Woodpecker is a community branch of the Drone CI system. An input validation error vulnerability exists in Woodpecker versions 1.0.0 through 1.0.2, which can be exploited by an attacker to publish incorrectly formatted Webhook data, resulting in repository data updates...
CVE-2021-28696
IOMMU page mapping issues on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
DEBIAN-CVE-2012-0214
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool APT 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...