
12607 matches found

Tenable Nessus
added 2026/01/22 12:0 a.m. | 4 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38180)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38180 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling...

CVSS 7.8 | AI score 5.3 | EPSS 0.0017
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38229)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38229 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when...

CVSS 5.5 | AI score 5.4 | EPSS 0.0015
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/21 10:25 p.m. | 4 views

CVE-2026-21972

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successf...

CVSS 5.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/21 7:50 p.m. | 3 views

CVE-2021-47865

A flaw was found in ProFTPD. A remote attacker can exploit this denial of service (DoS) vulnerability by creating multiple simultaneous File Transfer Protocol (FTP) connections. This action can exhaust the server's connection limits, preventing legitimate users from accessing the service...

CVSS 8.7 | AI score 5.5 | EPSS 0.00538
Exploits: 0 | References: 2

NVD
added 2026/01/21 6:16 p.m. | 7 views

CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVSS 8.7 | EPSS 0.00538
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/21 5:27 p.m. | 2 views

CVE-2021-47865 ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVSS 8.7 | AI score 5.5 | EPSS 0.00538
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/21 5:27 p.m. | 5 views

CVE-2021-47865

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access...

CVSS 8.7 | AI score 5.4 | EPSS 0.00538
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2026/01/21 5:27 p.m. | 11 views

CVE-2021-47865

CVE-2021-47865 affects ProFTPD 1.3.7a. The vulnerability allows remote denial of service by spawning multiple simultaneous FTP connections, using threading to exhaust server connection limits and block legitimate users. Documented impact is high (availability impact), with CVSS 3.1/4.0 vectors sh...

CVSS 8.7 | AI score 5.5 | EPSS 0.00538
Exploits: 0 | References: 4

GithubExploit
added 2026/01/21 5:3 a.m. | 143 views

Exploit for SQL Injection in Progress Moveit_Cloud

MOVEit Transfer 2023 Mass Data Breach Overview This reposi...

CVSS 9.8 | AI score 8.8 | EPSS 0.99934
Exploits: 15

Github Security Blog
added 2026/01/21 1:5 a.m. | 13 views

Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

CVSS 5.3 | AI score 5.7 | EPSS 0.00392
Exploits: 0 | References: 6 | Affected Software: 2

OSV
added 2026/01/21 1:5 a.m. | 4 views

GHSA-MVPQ-2V8X-WW6G Swift W3C TraceContext vulnerable to a malformed HTTP header causing a crash

Impact A denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. Allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace...

CVSS 5.3 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 6

OSV
added 2026/01/20 10:15 p.m. | 4 views

CVE-2026-21966

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.23, 5.6.25.17, 5.6.26.10 and 5.6.27.4. Easily exploitable vulnerability allows unauthenticated attacker with network acces...

CVSS 6.1 | AI score 5.8 | EPSS 0.00174
Exploits: 0 | References: 1

OSV
added 2026/01/20 10:15 p.m. | 4 views

CVE-2026-0865

User-controlled header names and values containing newlines can allow injecting HTTP headers...

CVSS 5.9 | AI score 5.4
Exploits: 0 | References: 15

Debian CVE
added 2026/01/20 8:41 p.m. | 4 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

CVSS 7.5 | AI score 8 | EPSS 0.00929
Exploits: 0

CloudLinux
added 2026/01/20 12:6 p.m. | 13 views

kernel: Fix of 39 CVEs

Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times CVE-2022-50419 - firewire: net: fix use after free in fwnet_finish_incoming_packet CVE-2023-53432 - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit CVE-2022-50408 - wifi: brcmfmac: slab-out-of-bounds read in...

CVSS 7.8 | AI score 6.1 | EPSS 0.21314
Exploits: 0

Fedora
added 2026/01/20 1:42 a.m. | 8 views

[SECURITY] Fedora 43 Update: exim-4.99.1-1.fc43

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal ...

CVSS 9.8 | AI score 7.3 | EPSS 0.75782
Exploits: 6

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

CVSS 8.1 | AI score 8.4 | EPSS 0.77278
Exploits: 3 | References: 6

Redos
added 2026/01/20 12:0 a.m. | 5 views

ROS-20260120-7329

A vulnerability in the slim_do_transfer function of the driver drivers/slimbus/messaging.c of the Linux kernel is related to incorrect resource release. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8 | AI score 6.7 | EPSS 0.00194
Exploits: 0

CNNVD
added 2026/01/20 12:0 a.m. | 5 views

Oracle Hospitality Applications security vulnerabilities

Oracle Hospitality Applications is a set of business applications, servers, and storage solutions for hotel management developed by Oracle Corporation in the United States. This product offers features such as human resources cost management and tracking of services provided throughout customers’...

CVSS 8.6 | AI score 7.1 | EPSS 0.0027
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/20 12:0 a.m. | 3 views

PT-2026-3721

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVSS 5.3 | AI score 5.4 | EPSS 0.00219
Exploits: 0 | References: 2