Lucene search
K

1822 matches found

Fedora
Fedora
added 2026/07/04 12:51 a.m.6 views

[SECURITY] Fedora 44 Update: openqa-5^20260604git6376095-3.fc44

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...

9.8CVSS6.7AI score0.01735EPSS
Exploits0
Fedora
Fedora
added 2026/07/04 12:51 a.m.8 views

[SECURITY] Fedora 44 Update: os-autoinst-5^20260601git6ee8da2-1.fc44

The OS-autoinst project aims at providing a means to run fully automated tests. Especially to run tests of basic and low-level operating system components such as bootloader, kernel, installer and upgrade, which can not easily and safely be tested with other automated testing frameworks. However,...

9.8CVSS6.6AI score0.01735EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

SUSE SLES12 Security Update : opensc (SUSE-SU-2026:2678-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2678-1 advisory. This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses...

6.8CVSS6.3AI score0.00296EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 10:57 a.m.5 views

SUSE-SU-2026:2678-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-overflow write bsc1261220. - CVE-2026-10275: global buffer overflow duri...

6.8CVSS6AI score0.00296EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/25 1:22 p.m.4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: podman: podman-6.0.0-1.hum1 aarch64, x8664 podman-docker-6.0.0-1.hum1 noarch podman-machine-6.0.0-1.hum1 aarch64, x8664 podman-remote-6.0.0-1.hum1 aarch64, x8664 podman-tests-6.0.0-1.hum1 aarch64...

7.5CVSS5.8AI score0.00317EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Team: Move teamdevicetypechange to the end of teamportadd. Attempting to add a port device that is already up will, unsurprisingly, fail. However, this failure occurs before modifying the teamdeviceheaderops. In the case of the...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ext4: fixed inconsistencies in e4b bitmap reports An inconsistency issue with the bitmap was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures, such as:...

7.8CVSS5.8AI score0.00099EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Oracle Linux 9 : buildah (ELSA-2026-19186)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-19186 advisory. - fixes CVE-2026-34986 - Rebuild for new golang to address CVE-2025-61726 Tenable has extracted the preceding description block directly from the Oracle Linux...

7.5CVSS6.9AI score0.01945EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : perl-DBI, perl-DBI-tests (ALAS2023-2026-1850)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1850 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of t...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/21 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: python3.13-3.13.14-1.fc43

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

9.1CVSS7.4AI score0.0079EPSS
Exploits0
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: python3.13-3.13.14-1.fc44

Python 3.13 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.13 package provides the "python3.13" executable:...

9.1CVSS7.4AI score0.0079EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/18 5:22 p.m.20 views

@acastellon/auth: Authentication bypass via spoofable headers in validateToken()

@acastellon/auth v2.2.0 appears to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for auth-user: service-brother when req.get'host'.startsWithgetHostName. Both...

8.7CVSS5.5AI score0.00543EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RUGGEDCOM RST2428P Incorrect Bitwise Shift of Integer (CVE-2025-40281)

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctptransportupdaterto syzbot reported a possible shift-out-of- bounds 1 Blamed commit added rtoalphamax and rtobetamax set to 1000. It is unclear if some sctp users are setting very...

5.9AI score0.00189EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 1:52 p.m.2 views

OPENSUSE-SU-2026:20986-1 Security update for perl-Crypt-SaltedHash

This update for perl-Crypt-SaltedHash fixes the following issues: Changes in perl-Crypt-SaltedHash: updated to 0.110.0 0.11 0.11 2026-05-20 14:05:07+01:00 Europe/London - Fixed metadata - Moved author tests into xt 0.10 2026-05-19 - Maintenance taken over by Robert Rothenberg - Updated the Git...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 8:50 a.m.4 views

SUSE-SU-2026:22103-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation bsc1267246. - CVE-2026-40528: stack and heap buffer overrun in the dokeyvalue function due to missing length check allows for memory corrupti...

7.8CVSS5.8AI score0.00296EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/15 7:20 a.m.11 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9CVSS5.3AI score0.00223EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/11 1:27 p.m.10 views

OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

5.3AI score0.0004EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/11 1:27 p.m.8 views

GHSA-4X76-22X2-RX8V OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

8.8CVSS5.3AI score0.0004EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

openSUSE 16 Security Update : sshfs (openSUSE-SU-2026:20915-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20915-1 advisory. Changes in sshfs: - Update to 3.7.6: - Added new maintainer: abhinavagarwal07 Abhinav Agarwal - CVE-2026-47187: Fixed critical vulnerability -...

5.7AI score0.00031EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 12:31 a.m.12 views

EUVD-2026-35885

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References2
Rows per page
Query Builder