43 matches found
osbuild-composer security update
An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...
EUVD-2026-10496
Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and extract Node.js if it...
SUSE-SU-2026:20629-1 Security update for go1.24-openssl
This update for go1.24-openssl fixes the following issues: - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc1251255 - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. bsc1251253 -...
Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...
MiracleLinux 4 : php-5.3.2-6.AXS4.1 (AXSA:2011-39:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-39:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...
EUVD-2026-2013
GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives wheels, eggs, allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...
ROS-20251030-05
Vulnerability of Erlang programming language OTP library set is related to incorrect checking of ZIP archives in "zip:unzip/1,2" and "zip:extract/1,2" procedures of Erlang/OTP standard library ZIP archives in the "zip:unzip/1,2" and "zip:extract/1,2" procedures of the Erlang/OTP standard library...
EUVD-2014-2748
Malware in sbrugna...
EUVD-2021-1582
Malware in sbrugna...
EUVD-2020-30220
Malware in sbrugna...
EUVD-2017-15034
Malware in sbrugna...
EUVD-2019-5712
Malware in sbrugna...
EUVD-2018-0637
Malware in sbrugna...
EUVD-2015-2825
Malware in sbrugna...
EUVD-2019-0091
Malware in sbrugna...
EUVD-2023-42881
Malicious code in bioql PyPI...
EUVD-2024-25046
Malicious code in bioql PyPI...
EUVD-2021-28780
Malicious code in bioql PyPI...
EUVD-2025-23970
Malicious code in bioql PyPI...
EUVD-2025-7267
Malicious code in bioql PyPI...