BoardRoom Dividend Distribution Tax Election System security vulnerability
BoardRoom Dividend Distribution Tax Election System is a dividend distribution tax election system from BoardRoom, Inc. A security vulnerability exists in BoardRoom Dividend Distribution Tax Election System version v2.0. An attacker can exploit the vulnerability to execute arbitrary code via...
The vulnerability of the CoreMedia component in operating systems such as macOS, iPadOS, visionOS, iOS, watchOS, and tvOS allows a hacker to trigger a service failure.
The vulnerability of the CoreMedia component in operating systems such as macOS, iPadOS, visionOS, iOS, watchOS, and tvOS is related to the allocation of resources without limits. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
DRUPAL-CONTRIB-2025-015
Open Social is a Drupal distribution for online communities, which ships with a default module to invite users to groups and events. Invites for a specific user can be seen under certain conditions. The issue is mitigated for events by the fact that social_event_max_enroll has to be enabled...
CVE-2025-0376
An XSS vulnerability exists in GitLab CE/EE affecting all versions from 13.3 prior to 17.6.5, 17.7 prior to 17.7.4 and 17.8 prior to 17.8.2 that allows an attacker to execute unauthorized actions via a change page...
CVE-2024-12379
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token...
Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014
Open Social is a Drupal distribution for online communities, which ships with a default optional module social_language to make your platform multilingual. Some site administration configuration does not correctly check access when trying to translate allowing unauthorised people to translate thes...
Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015
Open Social is a Drupal distribution for online communities, which ships with a default module to invite users to groups and events. Invites for a specific user can be seen under certain conditions. The issue is mitigated for events by the fact that social_event_max_enroll has to be enabled...
The vulnerability of the File Parser component in macOS operating systems allows a perpetrator to gain unauthorized access to confidential data.
The vulnerability of the File Parser component in macOS operating systems is related to the allocation of resources without limits. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data...
GHSA-79V4-65XG-PQ4G Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20250211.txt. If you are...
DEBIAN-CVE-2025-24807
eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to versions 2.6.10, 2.10.7, 2.14.5, 3.0.2, 3.1.2, and 3.2.0, per design, PermissionsCA is not full chain validated, nor is the expiration date validated. Access contro...
CVE-2025-24976 Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
CVE-2025-24976
Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an untrusted signing key in a...
eProsima Fast DDS data forgery vulnerability
eProsima Fast DDS is the C++ implementation of eProsima's OMG Object Management Group DDS Data Distribution Service standard. A data forgery issue vulnerability exists in eProsima Fast DDS versions prior to 3.2.0, which stems from PermissionsCAs that are not validated for full chain validation an...
Distribution security vulnerability
Distribution is an open source toolset for packaging, shipping, storing and delivering content. A security vulnerability exists in Distribution versions 3.0.0-beta.1 through 3.0.0-rc.2, which stems from a vulnerability that allows an attacker to inject an untrusted signing key into a...
The vulnerability of the Kibana data visualization service, related to the allocation of resources without limits, allows a perpetrator to cause a service failure.
The vulnerability of the Kibana data visualization service is related to the allocation of resources without limits. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause a service failure by sending a specially crafted request...
UBUNTU-CVE-2024-10383
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
The vulnerability of the Firewall component of the MySQL Enterprise Firewall software allows a hacker to induce a service failure.
The vulnerability of the MySQL Enterprise Firewall component is related to the allocation of resources without limits. Exploiting this vulnerability can allow a malicious actor to cause downtime or service failures using the MySQL network protocol...
CVE-2022-33174
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an emp...
[SECURITY] [DSA 5858-1] firefox-esr security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5858-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2025 https://www.debian.org/security/faq -...