24 matches found
UBUNTU-CVE-2026-50750
Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...
UBUNTU-CVE-2026-54475
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...
CVE-2026-50750
CVE-2026-50750 describes a pre-authentication Denial of Service in Apache ActiveMQ components where an unauthenticated attacker can flood BrokerInfo messages without a ConnectionInfo, causing an Out of Memory condition and broker crash. Affected ranges include Apache ActiveMQ Broker: 5.19.7 befor...
CVE-2026-53916
CVE-2026-53916 describes a memory allocation issue in Apache ActiveMQ families (ActiveMQ, ActiveMQ All, ActiveMQ Stomp) caused by an unauthenticated STOMP NIO client that can emit header bytes that never terminate. This unbounded header buffering can exhaust the JVM heap. Affected versions are be...
PT-2026-53842
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions 5.19.7 through 5.19.7 Apache ActiveMQ Broker versions 6.2.6 through 6.2.6 Apache ActiveMQ versions 5.19.7 through 5.19.7 Apache ActiveMQ versions 6.2.6 through 6.2.6 Apache ActiveMQ All versions 5.19.7 through...
PT-2026-53846
Name of the Vulnerable Software and Affected Versions Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Description An authorization flaw exists in the handling of temporary destinations. While these destinations are intended to be isolated to the connection th...
CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
CVE-2020-37079
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
CVE-2020-37079 Wing FTP Server < 6.2.7 - Cross-site Request Forgery
Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery CSRF vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a request that deletes the administrative user...
PT-2026-6812
Name of the Vulnerable Software and Affected Versions Wing FTP Server versions prior to 6.2.7 Description Wing FTP Server versions prior to 6.2.7 have a cross-site request forgery CSRF issue in the web administration interface. This allows attackers to delete administrative users by crafting a...
OESA-2026-1237 python-filelock security update
This package contains a single module, which implements a platform independent file locking mechanism for Python. Security Fixes: filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of th...
Fedora: Security Advisory (FEDORA-2025-10d2e6260b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-62715
creationtimestamp| type| source ---|---|--- 2025-11-05 01:10:32+00:00| seen| https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m4tuidk6zsb2 2025-11-05 02:10:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m4txukn3hq2j...
EUVD-2025-33695
An out-of-bounds write vulnerability exists in VS6ComFile!CItemDraw::ismotiontween of V-SFT v6.2.7.0 and earlier. Opening specially crafted V-SFT files may lead to information disclosure, affected system's abnormal end ABEND, and arbitrary code execution...
IMP 安全漏洞
IMP is an open source web-based webmail system from Horde. A security vulnerability exists in IMP version 6.2.27 and earlier, which originates from a specially crafted HTML email that could lead to account takeover...
Fortinet FortiWeb SQL注入漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, and other attacks to secure web applications and protect sensitive database content. A SQL injection vulnerability exists in...
CVE-2020-15934
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine...
PT-2023-2332 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.7 Description: The issue is related to a race condition in the Linux kernel's TLS protocol implementation, specifically in the do tls getsockopt conf and do tls setsockopt conf functions in the net/tls/tls...
SUSE-SU-2022:4209-1 Security update for libarchive
This update for libarchive fixes the following issues: - CVE-2022-36227: Fixed potential NULL pointer dereference in archivewriteallocatefilter bsc1205629...
DEBIAN-CVE-2022-24735
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...