88 matches found

Oracle linux
added 2025/11/17 12:0 a.m. | 3 views

container-tools:rhel8 security update

slirp4netns

1.2.3-1
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.3
- Related: Jira:RHEL-2110

1.2.2-1
- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.2.2
- Related: Jira:RHEL-2110

1.2.1-1
- update to...

CVSS 8.4 | AI score 7 | EPSS 0.00026
Exploits: 4

EUVD
added 2025/10/07 9:15 p.m. | 1 view

EUVD-2025-32561

Akka.Remote TLS did not properly implement certificate-based authentication...

CVSS 9.3 | AI score 6.6 | EPSS 0.00073
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-11775

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-11778

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00252
Exploits: 1 | References: 2

GitLab Advisory Database
added 2025/10/07 12:0 a.m. | 7 views

Akka.Remote TLS did not properly implement certificate-based authentication

This is a critical network security vulnerability for Akka.Remote users who have SSL / TLS enabled on their Akka.Remote connections and were expecting certificate-based authentication to be enforced on all peers attempting to join the network. In all versions of Akka.Remote from v1.2.0 to v1.5.51...

CVSS 9.3 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 8 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-1584

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00198
Exploits: 1 | References: 5

CVE
added 2025/08/27 12:0 a.m. | 17 views

CVE-2025-51667

Technical details for CVE-2025-51667 are not publicly available in the provided connected documents. Monitor for updates.

CVSS 7 | AI score 7.9 | EPSS 0.00064
Exploits: 1 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/05/22 5:4 p.m. | 5 views

CVE-2020-19879

DBHcms v1.2.0 has a stored XSS vulnerability as there is no security filter of $GET'dbhcmspid' variable in dbhcms\page.php line 107,...

CVSS 6.1 | AI score 6.8 | EPSS 0.0024
Exploits: 1

CVE
added 2025/05/05 12:0 a.m. | 72 views

CVE-2025-45616

CVE-2025-45616 affects Baidu BRCC v1.2.0, with an incorrect access-control in the /admin/** API that can let an attacker obtain Admin rights via a crafted request. The public records consistently describe the vulnerability as an improper access-control /admin/** exposure, enabling unauthorized ad...

CVSS 9.8 | AI score 6.7 | EPSS 0.00445
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/03/26 5:21 p.m. | 4 views

CVE-2025-30205

kanidm-provision is a helper utility that uses kanidm's API to provision users, groups and oauth2 systems. Prior to version 1.2.0, a faulty function instrumentation in the optional kanidm patches provided by kanidm-provision will cause the provisioned admin credentials to be leaked to the system...

CVSS 7.6 | AI score 7.1 | EPSS 0.00138
Exploits: 0 | References: 1

Cvelist
added 2025/03/20 10:8 a.m. | 6 views

CVE-2024-10225 Denial of Service in haotian-liu/llava

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...

CVSS 7.5 | EPSS 0.00275
Exploits: 1 | References: 1

OpenVAS
added 2024/11/11 12:0 a.m. | 14 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-2902)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.6 | AI score 6.6 | EPSS 0.0015
Exploits: 0 | References: 2

Github Security Blog
added 2024/10/29 3:37 p.m. | 8 views

sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...

AI score 7.1
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/10/29 3:37 p.m. | 4 views

GHSA-F77Q-R5QM-W4M8 sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...

CVSS 6.9 | AI score 7.1
Exploits: 0 | References: 3

CVE
added 2024/10/24 12:0 a.m. | 40 views

CVE-2024-48546

CVE-2024-48546 affects the Wear Sync mobile app (Wear Sync v1.2.0). The issue is incorrect access control in the firmware update and download processes, allowing an attacker to access sensitive information by inspecting code/data inside the APK. Documented impact is high for confidentiality, inte...

CVSS 8.4 | AI score 6.5 | EPSS 0.00057
Exploits: 0 | References: 2

Tenable Nessus
added 2024/10/14 12:0 a.m. | 14 views

Amazon Linux 2023 : runc (ALAS2023-2024-725)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-725 advisory. runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or...

CVSS 3.6 | AI score 6.6 | EPSS 0.0015
Exploits: 0 | References: 4

Vulnrichment
added 2024/09/03 7:37 p.m. | 17 views

CVE-2024-45390 @blakeembrey/template vulnerable to code injection when attacker controls template input

@blakeembrey/template is a string template library. Prior to version 1.2.0, it is possible to inject and run code within the template if the attacker has access to write the template name. Version 1.2.0 contains a patch. As a workaround, don't pass untrusted input as the template display name, or...

CVSS 7.3 | AI score 7.2 | EPSS 0.00423
Exploits: 0 | References: 2

Vulnrichment
added 2024/09/03 7:7 p.m. | 14 views

CVE-2024-45310 runc can be confused to create empty files/directories on the host

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

CVSS 3.6 | AI score 7 | EPSS 0.0015
Exploits: 0 | References: 5

NVD
added 2024/05/02 6:15 p.m. | 7 views

CVE-2024-33394

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component...

CVSS 5.9 | AI score 7.3 | EPSS 0.00044
Exploits: 0 | References: 1

Cvelist
added 2024/04/30 12:0 a.m. | 18 views

CVE-2023-49473

Shenzhen JF6000 Cloud Media Collaboration Processing Platform firmware version V1.2.0 and software version V2.0.0 build 6245 is vulnerable to Incorrect Access Control...

AI score 6.9 | EPSS 0.002
Exploits: 0 | References: 1