18 matches found
CLEANSTART-2026-RJ58492 On Unix platforms, when listing the contents of a directory using File
Multiple security vulnerabilities affect the kyverno-fips package. On Unix platforms, when listing the contents of a directory using File. See references for individual vulnerability details...
CVE-2025-10680
OpenVPN 2.7alpha1 through 2.7beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use...
CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables e.g., svn.exe, etc. may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line...
CVE-2024-45720
CVE-2024-45720 affects Subversion on Windows: a flawed “best fit” character encoding conversion of command-line arguments to svn.exe can cause misinterpretation of arguments, enabling argument injection and execution of other programs. Affected: all Subversion versions up to 1.14.3 on Windows; fi...
Fedora: Security Advisory (FEDORA-2024-25b47765c6)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla: Using Selection API would copy contents into X11 primary selection.
The Mozilla Foundation Security Advisory describes this flaw as: When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. This bug only affects Firefox on X11. Other systems are unaffected...
Fedora: Security Advisory for kitty (FEDORA-2023-a354113801)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing CIDR block for scanning the network during the attack, and it targeted all I...
[SECURITY] Fedora 37 Update: kitty-0.26.3-2.fc37
Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics images, unicode, true-col or, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...
Fedora: Security Advisory for kitty (FEDORA-2022-04bc7cd075)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 26 Update: radicale-1.1.2-1.fc26
The Radicale Project is a CalDAV calendar and CardDAV contact server. It aims to be a light solution, easy to use, easy to install, easy to configur e. As a consequence, it requires few software dependencies and is pre-configur ed to work out-of-the-box. The Radicale Project runs on most of the...
Nginx Web Application Firewall: NAXSI
NAXSI means Nginx Anti XSS & SQL Injection . Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple and readable rules containing 99% of known patterns involved in website vulnerabilities. For...
[SECURITY] Fedora 22 Update: radicale-1.1.1-1.fc22
The Radicale Project is a CalDAV calendar and CardDAV contact server. It aims to be a light solution, easy to use, easy to install, easy to configur e. As a consequence, it requires few software dependencies and is pre-configur ed to work out-of-the-box. The Radicale Project runs on most of the...
Postfix SMTP Server SASL Authentication Memory Corruption (CVE-2011-1720)
A memory corruption vulnerability has been reported in Postfix SMTP server. Postfix is a popular mail server for Unix-like platforms. The vulnerability is specific to Postfix servers that use Cyrus Simple Authentication and Security Layer SASL library. SASL is a framework for providing...
Exim MTA string_format Remote Code Execution (CVE-2010-4344)
The Exim mail server is a full featured mail transfer agent MTA used in Unix-like platforms. It contains implementations of SMTP server for incoming messages as well ,as a SMTP or LMTP client for incoming email. A heap buffer overflow vulnerability has been reported in Exim Mail Transfer Agent MT...
Generic Web Application Unix Command Execution
$Id: genericexec.rb 10642 2010-10-11 19:30:57Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Ingres Database iidbms Heap Overflow
Ingres Database is a relational database product available for both Windows and Unix-like platforms. A vulnerability has been reported in Ingres Database that could be exploited by remote attackers to compromise a vulnerable system. The vulnerability is due to insufficient boundary checking in th...
Update Protection against Zeus Web Server SSL2_Client_Hello Buffer Overflow
Zeus Web Server is a web server for Unix and Unix-like platforms. A buffer overflow was detected in Zeus Web Server SSL2 implementation SSL2CLIENTHELLO...