21 matches found

EUVD
added 2026/01/22 9:02 p.m., 2 views

EUVD-2026-3787

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations...

CVSS 7.4, AI score 5.5, EPSS 0.00065
Exploits: 0, References: 3

IBM Security Bulletins
added 2025/12/09 7:38 p.m., 5 views

Security Bulletin: IBM® Db2® is vulnerable to privilege escalation under specific configurations (CVE-2025-36186)

Summary: IBM® Db2® under specific configurations could allow a local user to execute malicious code that escalates their privileges to root, because the product runs with unnecessary privileges at a higher level than the minimum required. Vulnerability Details CVEID: CVE-2025-36186 DESCRIPTION: IBM Db2 for Linux,...

CVSS 7.8, AI score 6.6, EPSS 0.0001
Exploits: 0, Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-24523

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00392
Exploits: 0, References: 4

OSV
added 2025/05/08 5:16 p.m., 1 view

PYSEC-2025-38

OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...

CVSS 2.8, AI score 6.8, EPSS 0.00061
Exploits: 0, References: 2

Debian CVE
added 2025/04/09 12:00 a.m., 78 views

CVE-2025-32464

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...

CVSS 6.8, AI score 6.3, EPSS 0.02113
Exploits: 0

Github Security Blog
added 2025/01/14 3:24 p.m., 12 views

TYPO3 Cross-Site Request Forgery in Log Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3, AI score 4.6, EPSS 0.00575
Exploits: 0, References: 7, Affected Software: 1

CNNVD
added 2024/11/14 12:00 a.m., 2 views

GitLab Enterprise Edition and GitLab Community Edition security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition and GitLab Community...

CVSS 8.8, AI score 6.3, EPSS 0.00085
Exploits: 0, References: 2

CNNVD
added 2023/11/14 12:00 a.m., 2 views

Ivanti Secure Access Client Security Vulnerability

Ivanti Secure Access Client is a security software client from Ivanti. A security vulnerability exists in Ivanti Secure Access Client versions prior to 22.6R1.1 that allows locally authenticated attackers to exploit vulnerable configurations, resulting in a denia...

CVSS 8.8, AI score 6.5, EPSS 0.00542
Exploits: 0, References: 4

RedHat Linux
added 2023/11/07 8:54 a.m., 3 views

python-tornado: open redirect vulnerability in StaticFileHandler under certain configurations

A vulnerability was found in the python-tornado library. This flaw causes an open redirect vulnerability that allows a remote, unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL...

CVSS 6.1, AI score 7.4, EPSS 0.0043
Exploits: 0, References: 4

OSV
added 2023/09/12 7:15 p.m., 2 views

CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...

CVSS 9.8, AI score 7.2
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 5:40 a.m., 1 view

SUSE CVE-2013-1622

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is not a security issue. Further investigation showed that, because of RFC noncompliance, no version or configuration of the product had the vulnerability previously associated with this ID. Notes: none...

AI score 6.9
Exploits: 0, References: 3

Prion
added 2022/05/19 10:15 a.m., 56 views

Design/Logic Flaw

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), bu...

CVSS 4.3, AI score 7.4, EPSS 0.00392
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/05/19 9:55 a.m., 16 views

CVE-2022-1183 Destroying a TLS session early causes assertion failure

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), bu...

CVSS 7.5, AI score 7.6, EPSS 0.00392
Exploits: 0, References: 2

OSV
added 2022/05/18 12:00 a.m., 0 views

UBUNTU-CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), bu...

CVSS 7.5, AI score 7.1, EPSS 0.00392
Exploits: 0, References: 4

OSV
added 2020/08/21 9:15 p.m., 1 view

DEBIAN-CVE-2020-8621

In BIND 9.14.0 - 9.16.5 and 9.17.0 - 9.17.3, if a server is configured with both QNAME minimization and 'forward first', then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected...

CVSS 7.5, AI score 6.5, EPSS 0.04879
Exploits: 0, References: 1

OSV
added 2020/05/01 6:28 p.m., 21 views

OPENSUSE-SU-2020:0597-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter...

CVSS 9.8, AI score 7.2, EPSS 0.94469
Exploits: 44, References: 7

RedhatCVE
added 2020/01/19 3:31 a.m., 25 views

CVE-2018-1002200

A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or...

CVSS 7.3, AI score 2.4, EPSS 0.05466
Exploits: 1, References: 2

IBM Security Bulletins
added 2018/07/10 8:34 a.m., 44 views

Security Bulletin: Rational ClearCase affected by vulnerability in OpenSSL (CVE-2014-0076)

Summary A security vulnerability has been discovered in OpenSSL. Some configurations of IBM Rational ClearCase may expose this vulnerability. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts like this. Follow this link for more information...

CVSS 1.9, AI score 0.7, EPSS 0.0036
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2018/07/10 8:34 a.m., 24 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2016-7055, CVE-2017-3731)

Summary OpenSSL vulnerabilities were disclosed on January 26, 2017 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3731 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

CVSS 7.5, AI score 0.9, EPSS 0.10401
Exploits: 1, Affected Software: 1

Debian CVE
added 2017/10/30 8:00 p.m., 32 views

CVE-2017-1000255

On Linux running on PowerPC hardware (Power8 or later), a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception interrupt and use the r1 value from the signal frame as the kernel stack pointer. As part of the exception entry the content of the signa...

CVSS 6.6, AI score 6.1, EPSS 0.00028
Exploits: 0