[SECURITY] [DLA 4369-1] squid security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4369-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès November 11, 2025 https://wiki.debian.org/LTS -...

[SECURITY] Fedora 41 Update: polymake-4.13-5.fc41

Polymake is a tool to study the combinatorics and the geometry of convex polytopes and polyhedra. It is also capable of dealing with simplicial complexes, matroids, polyhedral fans, graphs, tropical objects, and so forth. Polymake can use various computational packages if they are installed. Thos...

CVE-2022-24841

fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts are not affected. In affected versions a te...

WordPress Category Discount Woocommerce Plugin <= 4.12 is vulnerable to Broken Access Control

Software Category Discount Woocommerce Type Plugin Vulnerable versions = 4.12 Fixed in 4.13 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0617 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 26f9aa0c44b8 Credits Krzysztof Zając...

CVE-2023-0100

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter e.g. report=http://xyz.com/report.rptdesign. If the host indicated in the report parameter matched the HTTP Host header valu...

GSD-2023-1001115 apparmor: Fix memleak in alloc_ns()

apparmor: Fix memleak in allocns This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit 5f509fa740b17307f0cba412485072f632d5af36, it...

libtasn1 security update

4.13-4 - Resolves: rhbz2140600...

Debian: Security Advisory (DLA-3263-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GSD-2022-1008288 ftrace: Fix null pointer dereference in ftrace_add_mod()

ftrace: Fix null pointer dereference in ftraceaddmod This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...

CVE-2022-24841 Improper Authorization in github.com/fleetdm/fleet

fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts are not affected. In affected versions a te...

OPENSUSE-SU-2020:1346-1 Security update for squid

This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. - CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. - CVE-2020-15810: Enforce token characters for field-name bsc1175664. This...

Fedora 32 : 7:squid (2020-63f3bd656e)

Squid version update to 4.13 and security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...

SUSE-SU-2020:2442-1 Security update for squid

This update for squid fixes the following issues: squid was updated to version 4.13: - CVE-2020-24606: Fix livelocking in peerDigestHandleReply bsc1175671. - CVE-2020-15811: Improve Transfer-Encoding handling bsc1175665. - CVE-2020-15810: Enforce token characters for field-name bsc1175664...

CVE-2019-15012

Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0...

CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...

UBUNTU-CVE-2017-7558

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...

Design/Logic Flaw

A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic...

CVE-2018-6495

Cross-Site Scripting XSS in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to...

Cross site scripting

Cross-Site Scripting XSS in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to...

CVE-2018-10087

The kernelwait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INTMIN value...