22489 matches found
MiracleLinux 9 : grafana-pcp-5.1.1-15.el9_8 (AXSA:2026-1218:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1218:08 advisory. golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service vi...
MiracleLinux 9 : grafana-10.2.6-22.el9_8 (AXSA:2026-1216:16)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1216:16 advisory. grafana: Grafana: Information disclosure of data-source passwords via public dashboards CVE-2026-27877 golang: internal/syscall/unix: Root.Chmod can...
CVE-2026-47828 - Missing TLS Certificate Verification in BOSH CLI Allows Root Code Execution via Man-in-the-Middle Credential Replay | Cloud Foundry
CVSS Score: High 8.9 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSSv3: High 7.1 CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Vendor BOSH-Ecosystem / BOSH bosh-cli Versions Affected Severity is High unless otherwise noted. bosh-cli – All versions prior to v7.10.4 Description...
GHSA-6W3M-4HHP-775Q KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping
Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...
SUSE-SU-2026:22572-1 Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...
OPENSUSE-SU-2026:21254-1 Security update for go1.26-openssl
This update for go1.26-openssl fixes the following issues: Update to go1.26.4 bsc1255111. Security issues fixed: - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. -...
SUSE CVE-2026-9697
Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...
JLSEC-2026-654 Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt failed, the socket reinitialization path reused a stale TLS upgrade hook tha...
PYSEC-2026-1131 Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
nodejs:22 security, bug fix, and enhancement update
An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RLSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
RLSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
The vulnerability of the parse_handshake_header() function in the GnuTLS cryptographic library allows a attacker to induce a service failure.
The vulnerability of the parsehandshakeheader function in the GnuTLS cryptographic library is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
MiracleLinux 9 : git-lfs-3.7.1-4.el9_8 (AXSA:2026-1205:08)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1205:08 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the...
MiracleLinux 9 : opentelemetry-collector-0.144.0-2.el9_8 (AXSA:2026-1213:03)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-1213:03 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...
CVE-2026-8932
A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...
GHSA-3FCV-JVFP-M4Q9 Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access
Impact When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive...
ALPINE-CVE-2026-13698
A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...
Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...
undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy
A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...