Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication in the OVN database connection process. An attacker can gain unauthorized access to sensitive network configuration data by presenting a rogue self-signed certificate chain during the TLS handshake, which is...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the CheckTxnAuth function. A user with RBAC restricted permissions on key ranges can gain unauthorized access to the entire data store by bypassing key-level authorization checks using nested transactions...
Slackware Linux 15.0 / current libpng Vulnerability (SSA:2026-042-02)
The version of libpng installed on the remote host is prior to 1.6.55. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-042-02 advisory. New libpng packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
Debian dsa-6095 : foomuuri - security update
The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6095 advisory. Debian Security Advisory DSA-6095-1 [email protected] https://www.debian.org/securit...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the bypass method. An attacker can access internal network resources by leveraging a 302 redirect to bypass existing security restrictions. PoC python from flask import Flask, redirect app = Flasknam...
org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.11), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2025-65998 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.9)
org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2025-65998 Source advisory: OSV:GHSA-JQG8-M35Q-JH7J...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the url variable processing in openURLMiddleware.ts. An attacker can execute arbitrary system commands by sending crafted HTTP POST requests, if the Metro development server is in use. This server binds to all...
EUVD-2017-11882
Malware in sbrugna...
EUVD-2019-8681
Malware in sbrugna...
EUVD-2019-13583
Malware in sbrugna...
Debian dla-4320 : u-boot - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4320 advisory. Debian LTS Advisory DLA-4320-1 [email protected]...
[SECURITY] [DLA 4286-2] libcommons-lang3-java regression update
Debian LTS Advisory DLA-4286-2 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 30, 2025 https://wiki.debian.org/LTS Package : libcommons-lang3-java Version : 3.11-1+deb11u2 CVE ID : CVE-2025-48924 A regression has been discovered in the latest release...
Important: kernel-livepatch-5.10.238-231.953
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: dma-buf/dma-resv: check if the new fence is really later CVE-2022-49935 Affected Packages: kernel-livepatch-5.10.238-231.953 Issue Correction: Please ensure you have live patching enabled. Run yum update...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the scenario decoding process. An attacker can cause excessive resource consumption by submitting a specially crafted zip archive that decompresses to a very large size...
CVE-2019-19041
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...
Improper Ownership Management
Overview Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with permission to create a project can escalate privileges to those of a user who owns a project by the same...
Exposure of Sensitive Information Through Metadata
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata when executing the UpdateChannelBookmark function, due to improper handling of user permissions. By creating a bookmark referencing a deleted file, an attacker can expose metadata from...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment that allows a Restricted Administrator user to change the password of an Administrator account and escalate privileges by taking over the Administrator account. Workaround This vulnerability can be avoided...