39 matches found
SUSE CVE-2026-25949
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...
openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...
Updated golang packages fix security vulnerabilities
Insufficient validation of bracketed IPv6 hostnames in net/url. CVE-2025-47912 Unbounded allocation when parsing GNU sparse map in archive/tar. CVE-2025-58183 Parsing DER payload can cause memory exhaustion in encoding/asn1. CVE-2025-58185 Lack of limit when parsing cookies can cause memory...
EUVD-2021-18931
Malware in sbrugna...
CVE-2021-32069
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...
Exploit for Improper Encoding or Escaping of Output in Apache Http_Server
CVE-2024-38475SonicBoomApacheURLTraversalPoC Author: a...
openSUSE 15 Security Update : python-mysql-connector-python (openSUSE-SU-2024:0351-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0351-1 advisory. - Update to 9.1.0 boo1231740, CVE-2024-21272 - WL16452: Bundle all installable authentication plugins when building the C-extension - WL16444: Drop build...
Security update for python-mysql-connector-python (important)
openSUSE Security Update: Security update for python-mysql-connector-python Announcement ID: openSUSE-SU-2024:0351-1 Rating: important References: 1231740 Cross-References: CVE-2024-21272 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available...
Server prefers weak encryption ciphers during TLS negotiation
TLS cipher suite issues were detected: Server prefers weak encryption ciphers during TLS negotiation...
SUSE-SU-2023:2109-1 Security update for java-11-openjdk
This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.19+7 April 2023 CPU: - CVE-2023-21930: Fixed AES support bsc1210628. - CVE-2023-21937: Fixed String platform support bsc1210631. - CVE-2023-21938: Fixed runtime support bsc1210632. - CVE-2023-21939: Fixed...
OpenJDK: certificate validation issue in TLS session negotiation (8298310)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...
K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions
Security Advisory Description This issue occurs when the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled Allow or Require for processing SMTPS traffic. Impact When system receives these SMTP...
SUSE CVE-2017-15118
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requir...
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.12.7-alt1_0jpp10
Aug. 25, 2021 Andrey Cherepanov 0:11.0.12.7-alt1_0jpp10 - new version - security fixes: + CVE-2021-2341: Improve file transfers + CVE-2021-2369: Better jar file validation + CVE-2021-2388: Enhance compiler validation + CVE-2021-2161: Less ambiguous processing + CVE-2021-2163: Enhance opening JARs ...
Mitel Networks MiCollab has an unspecified vulnerability
Mitel Networks MiCollab is a mobile application from Mitel Networks Canada that provides voice, video, messaging, audio conferencing and team collaboration for employees. A security vulnerability exists in versions of Mitel Networks MiCollab prior to 9.3, which stems from a component that could be...
CVE-2021-32069
CVE-2021-32069 affects the Mitel MiCollab AWV component and is caused by improper TLS negotiation, enabling potential Man-In-The-Middle attacks. Affected are MiCollab installations prior to version 9.3, where an attacker could view and modify data in transit. The vulnerability is documented acros...