CVE-2026-8428

Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...

CVE-2026-41211 `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME`

Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager accepts an untrusted version string and uses it directly in filesystem paths. A caller can supply ../ segments or an absolute path to escape the VPHOME/packagemanager// cache root and...

CVE-2026-35167

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

EUVD-2023-60026

In the Linux kernel, the following vulnerability has been resolved: s390/crypto: use vector instructions only if available for ChaCha20 Commit 349d03ffd5f6 "crypto: s390 - add crypto library interface for ChaCha20" added a library interface to the s390 specific ChaCha20 implementation. However no...

EUVD-2007-4437

Malware in sbrugna...

EUVD-2014-5244

Malware in sbrugna...

FFmpeg 安全漏洞

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in FFmpeg version v.n6.1-3-g466799d4f5, which can be exploited by an attacker to execute arbitrary code via the setencoderid function in the...

Veeam Agent Standalone Backup Fails with "Version string portion was too short or too long"

Challenge After upgrading Veeam Backup & Replication to version 12, the following tasks for Standalone Veeam Agent i.e., Veeam Agent for Microsoft Windows, Veeam Agent for Linux, Veeam Agent for IBM AIX, and Veeam Agent for Oracle Solaris deployments that existed before the upgrade may fail...

SUSE CVE-2014-0001

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service crash and possibly execute arbitrary code via a long server version string...

SUSE CVE-2015-8315

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...

SUSE CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service CPU consumption via a long version string, aka a "regular expression denial of service ReDoS."...

SUSE CVE-2017-17125

nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which allows remote attackers to cause a denial of service bfdelfgetsymbolversionstring buffer over-read and application crash or possibly have unspecified other impact via a crafted ELF file...

SUSE CVE-2017-17788

In GIMP 2.8.22, there is a stack-based buffer over-read in xcfloadstream in app/xcf/xcf.c when there is no '\0' character after the version string...

SUSE CVE-2020-16599

A Null Pointer Dereference vulnerability exists in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.35, in bfdelfgetsymbolversionstring, as demonstrated in nm-new, that can cause a denial of service via a crafted file...

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

CVE-2022-35861

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...

GNU Binutils Code Problem Vulnerability

GNU Binutils GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide linkers, assemblers, and other tools for target files and archives. A...

GNU Binutils 代码问题漏洞

GNU Binutils GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide linkers, assemblers, and other tools for target files and archives. A...

systemd security, bug fix, and enhancement update

239-40.0.1 - backport upstream pstore tmpfiles patch Orabug: 31420486 - udev rules: fix memory hot add and remove Orabug: 31310273 - fix to enable systemd-pstore.service Orabug: 30951066 - journal: change support URL shown in the catalog entries Orabug: 30853009 - fix to generate...

July 9, 2019—KB4507452 (Monthly Rollup)

July 9, 2019—KB4507452 Monthly Rollup Customers who have applied KB4489887 or later Monthly Rollup Packages to Microsoft Server 2008 SP2 may notice a change to the operating system version string. The “build number” component of the version string increases by 1, and the revision number decreases...