17 matches found
EUVD-2026-12720
OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the OpenClaw gateway service...
PT-2026-26008
Summary: OpenClaw allowed dangerous process-control environment variables from env.vars (for example NODE_OPTIONS, LD_*, DYLD_*) to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context. Details: collectConfigEnvVars accepted unfiltered keys...
Apache Cocoon Security Vulnerability
Apache Cocoon is a Web application framework built on the concept of component-based Web development from the Apache Foundation. A security vulnerability exists in Apache Cocoon that stems from the fact that Apache Cocoon uses a pseudo-random number generator (PRNG) when generating continuation...
Sh4D0Wup - Signing-key Abuse And Update Exploitation Framework
Signing-key abuse and update exploitation framework. % docker run -it --rm ghcr.io/kpcyrd/sh4d0wup:edge -h Usage: sh4d0wup OPTIONS Commands: bait Start a malicious update server front Bind a http/https server but forward everything unmodified infect High level tampering, inject additional command...
Ratpack Security Feature Issue Vulnerability
Ratpack is a Java library for building scalable HTTP applications. A security vulnerability exists in Ratpack versions prior to 1.9.0, which stems from the client-side session module defaulting to using the application startup time as the signing key, and can be exploited by an attacker to tamper...
PT-2021-18242 · Ratpack · Ratpack
Name of the Vulnerable Software and Affected Versions: Ratpack versions prior to 1.9.0 Description: The client side session module in Ratpack uses the application startup time as the signing key by default. If an attacker can determine this time and encryption is not used, the session data could ...
Enhancing video streaming quality for ExoPlayer - Part 2: ExoPlayer's Buffering Strategy, how to lower startup time, and how to lower rebuffering for video on-demand
Co-Author: Mark Greve, Engineering Manager at Akamai. Part of the Media Client Team. The first part of this blog series discussed the quality of user experience (QoE) metrics and two strategies that heavily influence the QoE: the bitrate selection strategy and the buffering strategy. In this...
Enhancing Video Streaming Quality for Exoplayer -- Part 2: Buffering Strategy to Lower Startup Time and Video On-Demand Rebuffering
The first part of this blog series discussed the quality of user experience (QoE) metrics and two strategies that heavily influence the QoE: the bitrate selection...
Enhancing video streaming quality for ExoPlayer - Part 1: Quality of User Experience Metrics
Authors: Mark Greve, Domițian Tămaș-Selicean The online video player landscape is fragmented with a wide variety of players across a mix of popular platforms. In the world of HTML5-video players in browsers, there are a number of open-source solutions e.g., hls.js, dash.js, Shaka Player, as well ...
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)
This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 (bsc#1082810) - Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...
SUSE-SU-2018:0743-1 Security update for java-1_7_1-ibm
This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 (bsc#1082810) Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.25-alt1
May 18, 2017 Anton Farygin 1:2.4.25-alt1 - updated to 2.4.25 with security fixes: + CVE-2016-8740 mod_http2: Mitigate DoS memory exhaustion via endless CONTINUATION frames. + CVE-2016-5387 core: Mitigate fcgi "httpoxy" issues + CVE-2016-2161 mod_auth_digest: Prevent segfaults during client entry...
PT-2015-4547 · Red Hat · Red Hat Enterprise Virtualization
Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization (RHEV) Manager versions prior to 3.5.1 Description: The issue allows local users to obtain sensitive information by reading files in a directory due to weak permissions on the directories shared by the...
SuSE 10 Security Update : clamav (ZYPP Patch Number 3894)
This clamav version update to 0.91 fixes among other things the long startup time of its predecessor. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid29402;...
SuSE 10 Security Update : clamav (ZYPP Patch Number 3902)
This clamav version update to 0.91.1 fixes among other things the long startup time of version 0.90.3 as well as a possibility to crash clamav with specially crafted rar archives. CVE-2007-3725 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, In...
openSUSE 10 Security Update : clamav (clamav-3893)
This clamav version update to 0.91 fixes among other things the long startup time of its predecessor. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-3893. The text description of this...
openSUSE 10 Security Update : clamav (clamav-3901)
This clamav version update to 0.91.1 fixes among other things the long startup time of version 0.90.3 as well as a possibility to crash clamav with specially crafted rar archives CVE-2007-3725. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...