41 matches found
openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...
OPENSUSE-SU-2026:20928-1 Security update for syft
This update for syft fixes the following issues: Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier should distinguish between MySQL Cluster ndb and MySQL 3297 4907 @witchcraze - Catalog...
GHSA-72HV-8253-57QQ vulnerabilities
Vulnerabilities for packages: trino, nextflow, confluent-kafka, ruby3.3-jrjackson, ruby3.4-jrjackson, wavefront-proxy, strimzi-kafka-operator, gradle, flyway, cassandra, ruby4.0-jrjackson, zipkin, spdx-tools-java, jenkins, ruby3.2-jrjackson, management-api-for-apache-cassandra-5.0,...
GHSA-72HV-8253-57QQ vulnerabilities
Vulnerabilities for packages: pinot, ruby4.0-jrjackson, kafbat-ui, hadoop-client-modules, apicurio-registry, kafbat-ui-fips, nacos, ruby3.3-jrjackson, spark-fips, opensearch, cass-config-builder, logstash, tritonserver-backend-vllm-cuda-13.0, kayenta, nuxeo, wavefront-proxy, kafka,...
Ubuntu: Security Advisory (USN-7654-3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-48734 vulnerabilities
Vulnerabilities for packages: cassandra-reaper, camunda-zeebe, hadoop-client-modules, apicurio-registry, celeborn, apache-activemq-artemis, neo4j, trino, opensearch, akhq, tez, jenkins-plugin-manager, kafka, jenkins, strimzi-kafka-operator, sonarqube, wildfly, apache-nifi, spdx-tools-java,...
php:8.2 security update
php 8.2.28-1 - rebase to 8.2.28 8.2.25-1 - rebase to 8.2.25 RHEL-65837 8.2.13-1 - rebase to 8.2.13 RHEL-14699 - add %phpize and %phpconfig macros - move httpd/nginx wants directives to config files in /etc - php-fpm.conf: move include directive after global section following upstream example,...
openSUSE Security Advisory (SUSE-SU-2024:2802-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:2135-1)
The remote host is missing an update for the...
Fedora 37 : woff (2022-c30d362ce5)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c30d362ce5 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...
Fedora 41 : krb5 (2024-bdc305fe55)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bdc305fe55 advisory. Automatic update for krb5-1.21.3-1.fc41. Changelog Tue Jul 9 2024 Julien Rische - 1.21.3-1 - New upstream version 1.21.3 - CVE-2024-26458: Memory le...
Fedora 37 : protobuf (2022-25f35ed634)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-25f35ed634 advisory. Selected notes from packaging changes and improvements: 3.19.6 fixes CVE-2022-3171 3.19.5 fixes CVE-2022-1941 License updated to SPDX Unnecessary...
libndp security update
1.8-6 - Validate route information option length 1.8-5 - Convert the license tag to SPDX format Related: RHELMISC-1363...
SUSE: Security Advisory (SUSE-SU-2023:4127-1)
The remote host is missing an update for the...
Fedora: Security Advisory for rust-askama (FEDORA-2023-e9243281cb)
The remote host is missing an update for the...
Fedora 36 : woff (2022-706c76c4f0)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-706c76c4f0 advisory. Fix a possible double free in woffEncode. - Update License to SPDX - improved summary and description - Add hand-written man pages - Install HTML format...
SUSE: Security Advisory (SUSE-SU-2022:3783-1)
The remote host is missing an update for the...
Bomber - Scans Software Bill Of Materials (SBOMs) For Security Vulnerabilities
bomber is an application that scans SBOMs for security vulnerabilities. Overview So you've asked a vendor for a Software Bill of Materials (SBOM) for one of their closed source products, and they provided one to you in a JSON file... now what? The first thing you're going to want to do is see if a...
CVE-2022-35929
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid...
searchsbl.toolforge.org Cross Site Scripting vulnerability OBB-2816704
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...