32 matches found
CVE-2026-42224 ipl/web is vulnerable to reflected XSS by malformed search requests
ipl/web is a set of common web components for PHP projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious JavaScript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...
[SECURITY] Fedora 43 Update: greetd-0.10.3-6.fc43
greetd is a minimal and flexible login manager daemon that makes no assumptions about what you want to launch...
EUVD-2012-2761
Malware in sbrugna...
OPENSUSE-SU-2025:15551-1 cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media
These are all security issues fixed in the cargo-c-0.10.3~git0.ee7d7ef-4.1 package on the GA media of openSUSE Tumbleweed...
Capsule tenant owners with "patch namespace" permission can hijack system namespaces label
Summary: A namespace label injection vulnerability in Capsule v0.10.3 allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation and potentially accessing cross-tenant resources through TenantResource...
CVE-2025-55205
Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system namespaces (kube-system, default, capsule-system), bypassing multi-tenant isolation...
CVE-2025-53604
The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header...
OPENSUSE-SU-2024:11013-1 libwpd-0_10-10-0.10.3-2.3 on GA media
These are all security issues fixed in the libwpd-0_10-10-0.10.3-2.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12543-1 capnproto-0.10.3-1.1 on GA media
These are all security issues fixed in the capnproto-0.10.3-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-42811
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...
Design/Logic Flaw
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-42811 AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-42811
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...
CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of a...
UBUNTU-CVE-2023-36617
A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of a...
SUSE CVE-2005-3244
The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors...
SUSE CVE-2008-4685
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception...
SUSE CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error...
UBUNTU-CVE-2020-7218
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3...
UBUNTU-CVE-2019-1000007
aioxmpp version 0.10.2 and earlier contains an Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza...