CVE-2026-20202

The CVE-2026-20202 entry concerns Splunk Enterprise (versions < 10.2.2, < 10.0.5, < 9.4.10, < 9.3.11) and Splunk Cloud Platform (versions < 10.4.2603.0, < 10.3.2512.6, < 10.2.2510.10, < 10.1.2507.20, < 10.0.2503.13,

EUVD-2021-18450

Malware in sbrugna...

EUVD-2013-4031

Malware in sbrugna...

EUVD-2025-6405

Malicious code in bioql PyPI...

Path traversal

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

CVE-2022-39229 Grafana users with email as a username can block other users from signing in

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, th...

MGASA-2022-0338 Updated mediawiki packages fix security vulnerability

Username is not escaped in the "welcomeuser" message T308471. Bundled guzzlehttp/guzzle has been updated to 6.5.8, fixing several issues CVE-2022-29248, CVE-2022-31042, CVE-2022-31043, CVE-2022-31090, CVE-2022-31091...

fence-agents security and bug fix update

4.2.1-41.2 - Upgrade bundled python-httplib2 to fix CVE-2020-11078 Resolves: rhbz1850114 4.2.1-41.1 - fencelpar: fix issue with long username, hostname, etc not working when the command run by the agent exceeds 80 characters - fenceevacuate: enable evacuation of instances using private flavors...

Courier MTA: Denial of Service vulnerability

Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...

YAK! 2.1.0 still vulnerable

YAK! 2.1.0 still vulnerable =========================== for file transfer yak uses ftp mode. Yak! listens on port 3535 for file transfer in ftp mode. vulnerability in the previous version was, they were using constant username and pass combination for ftp login. 2.1.0 version seems to overcome th...

Common Desktop Environment 2.1 20 Solaris 7.0 - dtspcd Local Privilege Escalation

Common Desktop Environment 2.1 20 Solaris 7.0 - dtspcd Local Privilege Escalation !/bin/sh source: https://www.securityfocus.com/bid/636/info This explanation is quoted from the initial post on this problem by Job De Hass. This message is available in its entirety in the 'Credit' section of this...