18 matches found
EUVD-2024-54094
Malicious code in bioql PyPI...
SUSE SLED15: java-17-openjdk / java-17-openjdk-demo / java-17-openjdk-devel / etc (SUSE-SU-2025:02667-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02667-1 advisory. Upgrade to upstream tag jdk-17.0.16+8 July 2025 CPU: - CVE-2025-30749: several scenarios can le...
SUSE SLES15: java-1_8_0-openj9 / java-1_8_0-openj9-accessibility / etc (SUSE-SU-2025:02545-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02545-1 advisory. Update to OpenJDK 8u462 build 08 with OpenJ9 0.53.0 virtual machine: - CVE-2025-30749: several scenarios can lead to heap...
Vulnerable to Bulletproof: Protect TLS via Certificate Posture Management
...
CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347 IBM AIX command execution
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347
IBM AIX nimsh service SSL/TLS implementations (CVE-2024-56347) affect AIX 7.2 and 7.3 (also VIOS 3.1/4.1). Root cause: improper process controls in nimsh allow remote command execution. Impact is remote, unauthenticated access with high/critical severity in the CVSS vector (network, none/low comp...
CVE-2024-56347 IBM AIX command execution
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1093)
The remote host is missing an update for the Huawei EulerOS...
openSUSE 15 Security Update : ruby2.5 (openSUSE-SU-2021:3838-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3838-1 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in...
GHSA-3P3G-VPW6-4W66 Authentication Bypass in hydra
Impact: When using client authentication method "private_key_jwt" [1], OpenId specification says the following about assertion jti: A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated betwe...
PT-2020-14585 · Goahead · Goahead Web Server
Name of the Vulnerable Software and Affected Versions: GoAhead web server versions prior to 5.1.2 Description: The issue concerns the HTTP Digest Authentication in the GoAhead web server, which does not fully protect against replay attacks. This allows an unauthenticated remote attacker to bypass...
CVE-2016-10027
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...
CVE-2016-10027
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response...
CVE-2016-0772
The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block...
openSUSE Security Update : mozilla-xulrunner190 (mozilla-xulrunner190-2261)
This patch updates the Mozilla XULRunner 3.0 engine to the 1.9.0.19 release. It also includes the following security fixes: MFSA 2010-16: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed eviden...
DSA-1964-1 postgresql-7.4 postgresql-8.1 postgresql-8.3 - several vulnerabilities
Bulletin has no description...