119 matches found
OESA-2025-1568 libpq security update
PostgreSQL is a powerful, open source object-relational database system that uses and extends the SQL language combined with many features that safely store and scale the most complicated data workloads. This package provides the essential shared library for any PostgreSQL client program or...
CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service application crash or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation...
iTop 安全漏洞
iTop is a simple, web-based IT service management tool from Combodo Open Source. A security vulnerability exists in iTop versions prior to 3.2.1 that stems from a regular expression denial of service that may affect the server...
libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
SUSE CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...
DEBIAN-CVE-2025-32909
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniffmp4 function. The HTTP server may cause the libsoup client to crash...
USN-7371-1 freerdp2 vulnerabilities
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. CVE-2024-32458 Evgeny Legerov discovered...
Allocation of Resources Without Limits or Throttling
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the api/v1/utils/code/format endpoint. An attacker can cause the server to become unresponsive or experience significant degradation by sending a...
Linux Distros Unpatched Vulnerability : CVE-2015-4913
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors...
CVE-2025-26466
A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to ...
AZL-55682 CVE-2024-12087 affecting package rsync for versions less than 3.4.1-1
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...
WeGIA 代码问题漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A code issue vulnerability exists in WeGIA versions prior to 3.2.6, which stems from a lack of proper validation of the /WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint when accepting file...
NetIQ Advanced Authentication 安全漏洞
NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A brute force vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from not...
CVE-2024-7694
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...
Apache MINA SSHD 安全漏洞
Apache MINA SSHD is a pure Java library from the U.S. Apache Apache Foundation that supports both client-side and server-side SSH protocols. A security bypass vulnerability exists in Apache MINA SSHD versions prior to 2.12.0, which can be exploited by an attacker to drop certain packets from a...
Hitachi FOXMAN-UN Security Vulnerability
Hitachi FOXMAN-UN is a powerful toolset in a comprehensive NMS suite from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN and UNEM that can be exploited by an attacker to execute unintended commands or code on the server to read or modify sensitive data...
PT-2024-11516 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is caused by improper validation of user-supplied input, allowing a remote attacker to induce the application to perform server-side DNS lookups or HTTP requests to...
GHSA-2GRW-MC9R-822R phpMyFAQ SQL injections at insertentry & saveentry
Summary A SQL injection vulnerability has been discovered in the insertentry & saveentry when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accoun...
DEBIAN-CVE-2024-22201
Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to st...