9 matches found
SUSE CVE-2026-48501
GitHub CLI gh is GitHub's official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands. The CLI uses a shared HTTP client with an authenticati...
Linux Distros Unpatched Vulnerability : CVE-2024-45217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the...
BIT-SOLR-2024-45217 Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
CVE-2024-45217
Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted...
PT-2024-31485 · Apache · Apache Solr
Name of the Vulnerable Software and Affected Versions: Apache Solr versions 6.6.0 through 8.11.3; Apache Solr versions 9.0.0 through 9.6.x. Description: The issue arises from the insecure default initialization of resources in Apache Solr, where new ConfigSets created via a Restore command lack the...
GHSA-77HH-43CM-V8J6 tuf's Metadata API: Targets.get_delegated_role() is missing input validation
The security of both a TUF client and repository implementations depends on the concept of trusted Metadata objects verifying the signatures over other Metadata that it delegates to. This verification process uses Targets.get_delegated_role(delegated_role: str) to find the delegation information...
PT-2023-21833 · Qualcomm · Qualcomm Chipsets
Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets (affected versions not specified). Description: The issue concerns information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Recommendations: At the moment, there is...
SUSE CVE-2017-14604
GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI...
SUSE-SU-2018:2058-1 Security update for nautilus
This update for nautilus fixes the following issues: Security issue fixed: - CVE-2017-14604: Add a metadata::trusted metadata to the file once the user acknowledges the file as trusted, and also remove the 'trusted' content in the desktop file (bsc#1060031)...