908419 matches found
DLA-2085-1 zlib - security update
Bulletin has no description...
DSA-4509-3 apache2 - security update
Bulletin has no description...
DSA-4529-1 php7.0 - security update
Bulletin has no description...
DLA-1896-1 commons-beanutils - security update
Bulletin has no description...
DLA-1828-1 python-urllib3 - security update
Bulletin has no description...
ALSA-2019:1529 Important: pki-deps:10.6 security update
The Public Key Infrastructure PKI Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up CVE-2018-8037 tomcat: Insecure...
DLA-1789-1 intel-microcode - security update
Bulletin has no description...
DLA-1748-1 apache2 - security update
Bulletin has no description...
DLA-1445-1 busybox - security update
Bulletin has no description...
CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
CVE-2016-9953
The verifycertificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...
CVE-2017-1000158
CPython aka Python up to 2.7.13 is vulnerable to an integer overflow in the PyStringDecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...
DSA-3980-1 apache2 - security update
Bulletin has no description...
DSA-3925-1 qemu - security update
Bulletin has no description...
DSA-3767-1 mysql-5.5 - security update
Bulletin has no description...
DLA-772-1 linux - security update
Bulletin has no description...
UBUNTU-CVE-2016-5303
Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...
DSA-3738-1 tomcat7 - security update
Bulletin has no description...
DSA-3673-2 openssl - regression update
Bulletin has no description...
DLA-508-1 expat - security update
Bulletin has no description...
CVE-2016-2109
The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service memory consumption via a short invalid encoding...
DSA-3396-1 linux - security update
Bulletin has no description...
DSA-3280-1 php5 - security update
Bulletin has no description...
DSA-3252-1 sqlite3 - security update
Bulletin has no description...
DLA-212-1 php5 - security update
Bulletin has no description...
DSA-3195-1 php5 - security update
Bulletin has no description...
DLA-17-1 tor - new upstream version
Bulletin has no description...
DSA-2622-1 polarssl - several
Bulletin has no description...
DSA-2365-1 dtc - several
Bulletin has no description...
DSA-2340-1 postgresql - weak password hashing
Bulletin has no description...
DSA-2235-1 icedove - several
Bulletin has no description...
DSA-2123-1 nss - cryptographic weaknesses
Bulletin has no description...
DSA-1928-1 linux-2.6.24 - several vulnerabilities
Bulletin has no description...
DSA-1915-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
DSA-1790-1 xpdf - multiple vulnerabilities
Bulletin has no description...
DSA-1636-1 linux-2.6.24 - several vulnerabilities
Bulletin has no description...
DSA-1630-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
DSA-1282-1 php4
Bulletin has no description...
DSA-1069-1 kernel-source-2.4.18 - several
Bulletin has no description...
DSA-816-1 xfree86 - integer overflow
Bulletin has no description...
DSA-667-1 squid - several
Bulletin has no description...
GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover
Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...
BIT-TOMCAT-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.18, from 9.0.0 through...
ASB-A-388828203
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-387498139
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
RHSA-2023:1325 Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Bulletin has no description...
RHSA-2019:4126 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:1744 Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update
Bulletin has no description...
RHBA-2019:0326 Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Bulletin has no description...