9 matches found
EulerOS Virtualization 2.10.1 : python-urllib3 (EulerOS-SA-2026-1545)
According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP...
GHSA-XJ37-QJG2-XWV2 @whyour/qinglong: manipulation of the argument command leads to protection mechanism failure
A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The...
Security Bulletin: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly, which affects IBM watsonx.data
Summary: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. These can affect...
PHP 8.4.x < 8.4.5 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.4.5 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...
PT-2024-30443 · Tribulant · Tribulant Newsletters
Name of the Vulnerable Software and Affected Versions: Tribulant Newsletters versions 4.9.8 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations: For...
PT-2023-6370 · Unknown · Supportcandy
Name of the Vulnerable Software and Affected Versions: SupportCandy versions prior to 3.1.5. Description: The issue is related to the lack of validation and escaping of user input in SQL statements, which could allow unauthenticated attackers to perform SQL injection attacks. This could enable...
Design/Logic Flaw
It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack wou...
Compatibility update for installing Windows 10, version 1809: May 21, 2019
Summary: This update makes improvements to ease the installation experience when updating to Windows 10, version 1809. How to get this update: This update is available through Windows Update. It will be downloaded and...
[SECURITY] New version of openssh released
Package: openssh. Problem type: remote exploit. Debian-specific: no. The adv.fwd security advisory from OpenBSD reported a problem with openssh that Jacob Langseth [email protected] found: when the connection is established the remote ssh server can force the ssh client to enable agent and X11...