12635 matches found
CVE-2025-9652 Portabilis i-Educar Cadastrar tipo de transferência educar_transferencia_tipo_cad.php cross site scripting
A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferência Page. This manipulation of the argument nmtipo/desctipo causes cross site scripting. It is possib...
OESA-2025-2092 buildah security update
The package provides a command line tool which can be used to: create a working container from scratch or create a working container from an image as a starting point; mount/umount a working container's root file system for manipulation; save container's root file system layer to create a new image...
OESA-2025-2090 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...
SUSE-SU-2025:03021-1 Security update for netty
This update for netty fixes the following issues: - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS (bsc#1247991)...
CVE-2025-55763
CVE-2025-55763 describes a buffer overflow in CivetWeb’s URI parser (versions 1.14–1.16) that can be triggered by a crafted HTTP request, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service by corrupting heap memory during request processing. The connecte...
PT-2025-35221
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A cross site scripting issue exists in Portabilis i-Educar up to version 2.10. The issue is located in an unknown function within the /intranet/educar_transferencia_tipo_cad.php file of the...
Vulnerability fixed in CrushFTP
CrushFTP has fixed a vulnerability in versions 10 through 10.8.5 and 11 through 11.3.423. The vulnerability is located in CrushFTP's AS2 validation. This vulnerability allows an attacker to gain administrative access via HTTPS, especially when the DMZ proxy feature is not used. The vulnerability...
FreeBSD : qt6-base -- DoS in QColorTransferGenericFunction (2a11aa1e-83c7-11f0-b6e5-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a11aa1e-83c7-11f0-b6e5-4ccc6adda413 advisory. Andy Shaw reports: When passing values outside of the expected range to QColorTransferGenericFunction i...
Security update for jetty-minimal
This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol including DNS over HTTPS (bsc#1244252) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...
Security update for tomcat11
This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.10 - CVE-2025-48989: Fixed "MadeYouReset" DoS in HTTP/2 due to client triggered stream reset (bsc#1243895) Other fixes: Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one...
Linux Distros Unpatched Vulnerability : CVE-2019-17340
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests...
Linux Distros Unpatched Vulnerability : CVE-2022-32278
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. CVE-2022-32278 Note that...
Linux Distros Unpatched Vulnerability : CVE-2022-31778
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue...
Linux Distros Unpatched Vulnerability : CVE-2020-13335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group...
Linux Distros Unpatched Vulnerability : CVE-2020-9273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, an...
Linux Distros Unpatched Vulnerability : CVE-2020-25651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate...
CVE-2025-35115 Agiloft insecure download of system packages
Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL. Users should upgrade to Agiloft Release 30...
Cisco Secure Firewall Threat Defense Remote Access VPN Web Server DoS (cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX)
According to its self-reported version, Cisco Firepower Threat Defense Software is affected by a vulnerability. - A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could all...
Linux Distros Unpatched Vulnerability : CVE-2022-2048
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning ...
UBUNTU-CVE-2025-57804
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without...