18 matches found
EUVD-2022-53402
Malicious code in bioql PyPI...
CLSA-2025-1757409276 mpfr: Fix of CVE-2014-9474
CVE-2014-9474: Fix of a buffer overflow due to incorrect GMP documentation for mpn_set_str...
mpfr: buffer overflow in mpfr_strtofr
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...
USN-6943-1 tomcat8, tomcat9 vulnerabilities
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS. (CVE-2020-9484) It was discovered that Tomcat...
Design/Logic Flaw
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
PT-2023-5203 · Apache · Apache Airflow Hdfs Provider
Name of the Vulnerable Software and Affected Versions: Apache Airflow HDFS Provider versions prior to 4.1.1. Description: The issue is related to the Apache Airflow HDFS Provider, where a documentation error pointed users to an incorrect pip package. This package name was unclaimed, potentially...
SUSE CVE-2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...
GHSA-372Q-33VH-8MPC Inconsistent documentation in Apache Tomcat
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...
GHSA-R84P-88G2-2VX2 Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide...
USN-5344-1 libdbd-mysql-perl vulnerabilities
It was discovered that the DBD::mysql module, when configured with server-side prepared statement support, was susceptible to operations that would result in improper memory access. An attacker could possibly use this issue to cause DBD::mysql to crash, resulting in a denial of service...
SUSE SLES11 Security Update : bind (SUSE-SU-2020:14400-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14400-1 advisory. - To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called...
ALPINE-CVE-2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...
UBUNTU-CVE-2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...
CVE-2018-5741 Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update...
ISC BIND 9 krb5-subdomain and ms-subdomain update policy vulnerability
ISC BIND is a set of open source software, maintained by the Internet Systems Consortium (ISC) of the United States, that implements the DNS protocol. To provide fine-grained control over the ability to update records in a zone using Dynamic DNS (DDNS), BIND provides a feature called update-policy. Variou...
PT-2017-14152 · Apache +3 · Apache Tomcat +3
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M22 through 9.0.1; Apache Tomcat versions 8.5.16 through 8.5.23; Apache Tomcat versions 8.0.45 through 8.0.47; Apache Tomcat versions 7.0.79 through 7.0.82. Description: The issue concerns the documentation of the...
DEBIAN-CVE-2014-9474
Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str...
GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200912-02 (Ruby on Rails: Multiple vulnerabilities). The following vulnerabilities were discovered: sameer reported that lib/action_controller/cgi_process.rb removes the :cookie_only attribute from the default session options...