73 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : rh-ruby25-ruby-2.5.9-9.el7 (AXSA:2021-1762:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1762:01 advisory. ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845); ruby: Regular expression denial of service vulnerability of...

CVSS 8.1, AI score 8.2, EPSS 0.05892
Exploits 2, References 9

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 7 : rh-ruby26-ruby-2.6.7-119.el7 (AXSA:2021-1768:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1768:01 advisory. rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881); ruby: NUL injection vulnerability o...

CVSS 8.1, AI score 6.7, EPSS 0.05892
Exploits 2, References 10

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-20840

Malware in sbrugna...

CVSS 9.8, AI score 9.3, EPSS 0.00971
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-3345

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.5, EPSS 0.00045
Exploits 1, References 9

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-9246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part...

CVSS 9.8, AI score 8.6, EPSS 0.00971
Exploits 0, References 2

Tenable Nessus
added 2025/08/27 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2020-35459

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history when crm is run were able to execute commands via shell cod...

CVSS 7.8, AI score 7.6, EPSS 0.00045
Exploits 1, References 2

RedhatCVE
added 2025/05/22 4:37 p.m., 2 views

CVE-2020-35458

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser...

CVSS 10, AI score 7.7, EPSS 0.12988
Exploits 0

RedhatCVE
added 2025/05/22 3:46 p.m., 2 views

CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

CVSS 7.8, AI score 8.2, EPSS 0.00045
Exploits 1

Tenable Nessus
added 2025/03/27 12:0 a.m., 11 views

FreeBSD : Gitlab -- Vulnerabilities (1daa2814-0a6c-11f0-b4e4-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1daa2814-0a6c-11f0-b4e4-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting (XSS) through merge-request error messages; Cross-site...

CVSS 8.8, AI score 5.9, EPSS 0.00135
Exploits 4, References 8

FreeBSD
added 2025/03/26 12:0 a.m., 24 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting (XSS) through merge-request error messages; Cross-site Scripting (XSS) through improper rendering of certain file types; Admin Privileges Persists After Role is Revoked; External user can access internal projects; Prompt injection in Amazon Q integration may allow...

CVSS 8.8, AI score 6.6, EPSS 0.00135
Exploits 4, References 1

FreeBSD
added 2025/03/12 12:0 a.m., 24 views

Gitlab -- Vulnerabilities

Gitlab reports: CVE-2025-25291 and CVE-2025-25292 third party gem ruby-saml CVE-2025-27407 third party gem graphql Denial of Service Due to Inefficient Processing of Untrusted Input Credentials disclosed when repository mirroring fails Denial of Service Vulnerability in GitLab Approval Rules due ...

CVSS 9.8, AI score 5.3, EPSS 0.20843
Exploits 6, References 1

Veracode
added 2024/05/23 6:48 a.m., 14 views

Remote Code Execution (RCE)

passbolt/passboltapi is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input sanitization during the server's PGP key generation, allowing users to inject shell code during installation...

AI score 7.8
Exploits 0

OpenVAS
added 2024/03/26 12:0 a.m., 17 views

Ubuntu: Security Advisory (USN-6711-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 7.9, EPSS 0.00045
Exploits 1, References 2

Ubuntu
added 2024/03/25 10:51 a.m., 27 views

USN-6711-1: CRM shell vulnerability

Vincent Berg discovered that CRM shell incorrectly handled certain commands. A local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...

CVSS 7.8, AI score 7.8, EPSS 0.00045
Exploits 1

OSV
added 2024/03/25 10:51 a.m., 0 views

USN-6711-1 crmsh vulnerability

Vincent Berg discovered that CRM shell incorrectly handled certain commands. A local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...

CVSS 7.8, AI score 6.1, EPSS 0.00045
Exploits 1, References 2

Tenable Nessus
added 2024/01/26 12:0 a.m., 16 views

SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0198-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:0198-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the...

CVSS 10, AI score 8.5, EPSS 0.12988
Exploits 0, References 4

Tenable Nessus
added 2024/01/26 12:0 a.m., 14 views

SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0090-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:0090-1 advisory. - An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the...

CVSS 10, AI score 8.5, EPSS 0.12988
Exploits 0, References 4

OpenVAS
added 2023/11/22 12:0 a.m., 14 views

SUSE: Security Advisory (SUSE-SU-2023:4512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 7.9, EPSS 0.00052
Exploits 0, References 4

OSV
added 2023/11/21 4:25 p.m., 4 views

SUSE-SU-2023:4512-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions bsc1213865...

CVSS 7.8, AI score 7.7, EPSS 0.00052
Exploits 0, References 3

OSV
added 2023/11/06 8:52 a.m., 4 views

SUSE-SU-2023:4372-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions bsc1213865...

CVSS 7.8, AI score 7.7, EPSS 0.00052
Exploits 0, References 3