Lucene search

22 matches found

Veracode
added 2026/03/23 3:32 a.m., 5 views

Improper Authentication

github.com/smallstep/certificates is vulnerable to improper authentication. The vulnerability is due to missing safeguards against unauthenticated certificate issuance through the SCEP UpdateReq, which allows an attacker to obtain certificates without authentication...

CVSS 10, AI score 6.4, EPSS 0.00011
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/13 8:43 p.m., 2 views

EUVD-2025-34081

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3, AI score 6.2, EPSS 0.00565
Exploits 1, References 5
OSV
added 2025/10/13 8:43 p.m., 2 views

CVE-2025-59836 Omni is Vulnerable to DoS via Empty Create/Update Resource Requests

Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource Service that allows unauthenticated users to cause a server panic and denial of service by sending empty create/update resource reques...

CVSS 5.3, AI score 6.5, EPSS 0.00565
Exploits 1, References 5
UbuntuCve
added 2025/06/09 6:15 p.m., 8 views

CVE-2024-47081

Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be...

CVSS 5.3, AI score 6.6, EPSS 0.00208
Exploits 1, References 4
Cvelist
added 2025/05/28 7:55 a.m., 11 views

CVE-2024-54020

A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests...

CVSS 2.3, EPSS 0.00145
Exploits 0, References 1
Positive Technologies
added 2025/02/27 12:0 a.m., 1 views

PT-2025-9008

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential deadlock issue has been identified in the Linux kernel. The problem occurs when the sysfs -store function is called while a queue is frozen, and memory allocation with GFP...

CVSS 5.5, AI score 5.9, EPSS 0.00016
Exploits 0, References 98
Redos
added 2024/08/05 12:0 a.m., 16 views

ROS-20240805-05

Vulnerability in kube-apiserver component of virtual machine cluster management software tool Kubernetes is related to redirection to malicious resources during proxied update requests. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

CVSS 6.8, AI score 6.9, EPSS 0.51201
Exploits 3
OSSF Malicious Packages
added 2024/06/25 1:43 p.m., 3 views

Malicious code in update-requests (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
OSV
added 2024/06/25 1:43 p.m., 3 views

MAL-2024-6178 Malicious code in update-requests (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0
Tenable Nessus
added 2024/05/07 12:0 a.m., 49 views

RHEL 8 : bind and dhcp (RHSA-2024:2720)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2720 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...

CVSS 7.5, AI score 7, EPSS 0.43701
Exploits 1, References 14
RedHat Linux
added 2023/11/14 4:8 p.m., 119 views

Moderate: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5, AI score 7.1, EPSS 0.02338
Exploits 0, References 3
Tenable Nessus
added 2023/05/16 12:0 a.m., 38 views

RHEL 8 : bind9.16 (RHSA-2023:2792)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2792 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...

CVSS 7.5, AI score 7.2, EPSS 0.0283
Exploits 0, References 13
Oracle linux
added 2023/05/15 12:0 a.m., 53 views

bind security and bug fix update

32:9.16.23-11 - Correct backport issue in statistics rendering fix 2126912 32:9.16.23-10 - Handle subtle difference between upstream and rhel CVE-2022-3094 32:9.16.23-9 - Prevent flooding with UPDATE requests CVE-2022-3094 - Handle RRSIG queries when server-stale is active CVE-2022-3736 - Fix cra...

CVSS 7.5, AI score 7, EPSS 0.0283
Exploits 0
Check Point Advisories
added 2018/01/24 12:0 a.m., 0 views

DNS Rebind RPC Unauthenticated Access

A DNS rebind vulnerability exists within certain RPC authentication methods. This is due to the way the agent handles update requests. A successful attack could lead to malicious code execution...

AI score 2.4
Exploits 0
Mageia
added 2017/12/31 12:0 p.m., 50 views

Updated bind packages fix security vulnerability

It was discovered that Bind incorrectly handled certain malformed responses to an ANY query. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service (CVE-2016-9131). It was discovered that Bind incorrectly handled certain malformed responses to an AN...

CVSS 7.5, AI score 1.7, EPSS 0.6803
Exploits 1, References 19
ATTACKERKB
added 2016/09/01 10:59 a.m., 1 views

CVE-2016-2998

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data...

CVSS 3.5, AI score 5.8, EPSS 0.00048
Exploits 0, References 4
NVD
added 2014/10/25 10:55 a.m., 11 views

CVE-2014-6611

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigge...

CVSS 4.3, AI score 6.3, EPSS 0.00255
Exploits 0, References 2
RedHat Linux
added 2013/10/01 4:35 p.m., 2 views

cumin: Denial of service due to improper handling of certain Ajax requests

Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted Ajax update request...

CVSS 5, AI score 5.9, EPSS 0.00535
Exploits 0, References 4
OpenVAS
added 2011/08/03 12:0 a.m., 26 views

Debian Security Advisory DSA 2272-1 (bind9)

The remote host is missing an update to bind9 announced via advisory DSA 2272-1. OpenVAS Vulnerability Test $Id: deb22721.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2272-1 bind9 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

CVSS 5, AI score 0.5, EPSS 0.24783
Exploits 1
RedHat Linux
added 2011/07/07 9:19 p.m., 0 views

bind: Specially constructed packet will cause named to exit

Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request...

CVSS 5, AI score 7.2, EPSS 0.24783
Exploits 1, References 4