22 matches found
[SECURITY] Fedora 43 Update: python-wsgidav-4.3.4-1.fc43
A generic and extendable WebDAV server written in Python and based on WSGI. Main features: • WsgiDAV is a stand-alone WebDAV server with SSL support, that can be installed and run as Python command line script. • The python-pam library is needed as extra requirement if pam-login...
org.apache.dolphinscheduler:dolphinscheduler-dist (>=3.3.2 <=3.4.0), org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2026-23902 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0-alpha <=3.4.0)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0-alpha, =3.3.2, =3.0.0, =3.0.6 Source cves: CVE-2026-23902 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-16431736...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure due to the exposure of sensitive data to unauthorized actors. An attacker can access sensitive data such as database credentials by exploiting this vulnerability. Workaround: This vulnerability can be mitigated by...
CVE-2026-23897
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
CVE-2026-23897
CVE-2026-23897 affects Apollo Server when using the default configuration of startStandaloneServer from @apollo/server/standalone. Versions 2.0.0–3.13.0, 4.2.0–before 4.13.0, and 5.0.0–before 5.4.0 are vulnerable to Denial of Service via specially crafted request bodies with exotic character set ...
CVE-2026-23897 Apollo Server is vulnerable to denial of service with `startStandaloneServer`
Apollo Server is an open-source, spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. In versions from 2.0.0 to 3.13.0, 4.2.0 to before 4.13.0, and 5.0.0 to before 5.4.0, the default configuration of startStandaloneServer from @apollo/server/standalone...
Regular Expression Denial of Service (ReDoS)
Overview: apollo-server is a Production ready GraphQL Server. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer function. An attacker can cause the server to become unresponsive by sending specially crafted request bodies wi...
Regular Expression Denial of Service (ReDoS)
Overview: @apollo/server is a spec-compliant GraphQL server that's compatible with any GraphQL client, including Apollo Client. Successor to apollo-server-core, et al. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the startStandaloneServer...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.17 Update
New Red Hat build of Keycloak 26.0.17 packages are available from the Customer Portal Red Hat build of Keycloak 26.0.17 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
[SECURITY] Fedora 43 Update: civetweb-1.16-10.fc43
Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...
org.apache.dolphinscheduler:dolphinscheduler-alert-all (>=3.2.0 <=3.3.0-alpha), org.apache.dolphinscheduler:dolphinscheduler-alert-server (>=3.0.0 <=3.3.0-alpha) +1 more potentially affected by CVE-2024-43115 via org.apache.dolphinscheduler:dolphinscheduler-alert-script (>=3.0.0-alpha <=3.3.0-alpha)
org.apache.dolphinscheduler:dolphinscheduler-alert-script MAVEN version =3.0.0-alpha, =3.2.0, =3.0.0, =3.0.0, =3.0.6 Source cves: CVE-2024-43115 Source advisory: SNYK:JAVA-ORGAPACHEDOLPHINSCHEDULER-12840399...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.15 Update
New Red Hat build of Keycloak 26.0.15 packages are available from the Customer Portal Red Hat build of Keycloak 26.0.15 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
[SECURITY] Fedora 41 Update: nbdkit-1.40.6-1.fc41
NBD is a protocol for accessing block devices (hard disks and disk-like things) over the network. nbdkit is a toolkit for creating NBD servers. The key features are: Multithreaded NBD server written in C with good performance. Minimal dependencies for the basic server. Liberal license (BSD) allows...
CVE-2024-51954
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux which, under unique circumstances, could allow a remote, low‑privileged authenticated attacker to access secure services published to a standalone unfederated ArcGIS Server instance. Successful...
How to Remove a Server from a XenServer Pool that Contains Only One Host
This article describes how to remove a server from a XenServer pool that contains only one server. The procedure to remove servers is also described in the XenCenter help. When you remove a server from a pool that contains only one server (Pool Master), the pool will be deleted and the Pool Master...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-dist (>=2.0.0 <=2.0.9) +2 more potentially affected by CVE-2023-49620 via org.apache.dolphinscheduler:dolphinscheduler-api (>=1.3.9 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =1.3.9, =1.1.0, =2.0.0, =2.0.2, =1.3.9, =3.0.6 Source cves: CVE-2023-49620 Source advisory: OSV:GHSA-R44Q-98GX-PMH2...
How to prepare for upgrading the operating system of the Citrix License Server
To upgrade the operating system of a standalone Citrix License Server...
org.apache.dolphinscheduler:dolphinscheduler-standalone-server (>=3.0.0 <=3.0.6) potentially affected by CVE-2023-25601 via org.apache.dolphinscheduler:dolphinscheduler-api (>=3.0.0 <=3.0.6)
org.apache.dolphinscheduler:dolphinscheduler-api MAVEN version =3.0.0, =3.0.0, =3.0.6 Source cves: CVE-2023-25601 Source advisory: OSV:GHSA-3JXW-CV35-2MMV...