21 matches found
CVE-2026-40355 affecting package krb5 for versions less than 1.21.3-4
CVE-2026-40355 affecting package krb5 for versions less than 1.21.3-4. A patched version of the package is available...
CVE-2025-24528 affecting package krb5 for versions less than 1.21.3-3
CVE-2025-24528 affecting package krb5 for versions less than 1.21.3-3. A patched version of the package is available...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: krb5 (UTSA-2025-986178)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986178 advisory. In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
Komga security vulnerability
Komga is a media server for comics, magazines, and eBooks by Gauthier Personal Developers. A security vulnerability exists in Komga versions 1.8.0 through 1.21.3, which stems from the presence of cross-site scripting in the EPUB resource that could lead to execution of operations as a victim...
CVE-2024-45401
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401
Summary: CVE-2024-45401 affects stripe-cli. In versions 1.11.1 up to, but not including, 1.21.3, a plugin package with a manifest containing a malformed plugin shortname installed via --archive-url or --archive-path could overwrite arbitrary files (path traversal). Impact: local file overwrite vi...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-26461 affecting package krb5 for versions less than 1.21.3-1
CVE-2024-26461 affecting package krb5 for versions less than 1.21.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1
CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1. An upgraded version of the package is available that resolves this issue...
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
...
CVE-2024-26461 affecting package krb5 for versions less than 1.19.4-3
CVE-2024-26461 affecting package krb5 for versions less than 1.19.4-3. A patched version of the package is available...
SUSE CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
AZL-43002 CVE-2024-37370 affecting package krb5 for versions less than 1.21.3-1
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...
AZL-35480 CVE-2024-26462 affecting package krb5 for versions less than 1.21.3-1
Kerberos 5 aka krb5 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c...
PT-2023-7932
Name of the Vulnerable Software and Affected Versions: Go versions 1.21.3 and earlier, 1.20.10 and earlier. Description: The issue is related to the IsLocal function not correctly detecting reserved device names in some cases on Windows. Specifically, reserved names followed by spaces, such as "COM1...
Buildah processes using chroot isolation may leak environment values to intermediate processes
Impact: When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes (CVE-2021-3602). This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...
[SECURITY] Fedora 19 Update: mediawiki-1.21.3-1.fc19
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers. This package supports wiki farms. Read the instructions for creating wiki instances...