345 matches found
Medium: python-jinja2
Issue Overview: Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter...
Important: runc
Issue Overview: AWS is aware of CVE-2024-21626, an issue affecting the runc component of several open source container management systems. Under certain conditions, an actor could leverage a specially crafted container or container configuration to access files or directories outside the...
Medium: containerd
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
Important: bluez
Issue Overview: bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Affected Packages: bluez Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL...
Medium: ruby
Issue Overview: An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc. CVE-2021-31799 Affected Packages: ruby Note:...
Important: python3.9
Issue Overview: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers such as HTTP servers that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer...
Medium: libtiff
Issue Overview: LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemcpy in libtiff/tifunix.c:346 when called from extractImageSection, tools/tiffcrop.c:6826, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available...
SUSE-SU-2023:3006-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information bsc1213286. - CVE-2023-2985:...
ROS-2-2146
2.2146 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-2216
2.2216 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
Important: perl-Pod-Perldoc
Issue Overview: HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. CVE-2023-31486 Affected Packages: perl-Pod-Perldoc Issue Correction: Run dnf update perl-Pod-Perldoc...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. A malicious person could exploit the vulnerabilities to cause a denial-of-service cause or potentially execute arbitrary code in the context of the browser. As usual, Google released little further substantive information released. Google has released...
Vulnerability fixed in Google Chrome
A vulnerability has been fixed in Google Chrome. A malicious party could potentially exploit the vulnerability to execute arbitrary code under a user's privileges. To do this, the malicious party must induce the victim to visit a malicious web page to visit. As usual, Google has published few...
PT-2022-33638 · Linux · Kvm
Name of the Vulnerable Software and Affected Versions: KVM versions prior to v5.19.2 Description: The issue concerns the KVM's nVMX snapshot pre-VM-Enter DEBUGCTL for the !nested run pending case. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions...
SUSE-SU-2022:1105-1 Security update for util-linux
This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. bsc1194642 - Prevent root owning of /var/lib/libuuid/clock.txt. bsc1194642 - Warn if uuidd lock state is not usable. bsc1194642...
Important: kernel
Issue Overview: A logic bug flaw was found in the Linux kernel's implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...
Mageia: Security Advisory (MGASA-2016-0359)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2013-0204)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Enhancement Advisory: python-rtslib bug fix and enhancement update
An update for python-rtslib is now available for Red Hat Enterprise Linux 8. For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section...
Vulnerability fixed in PostgreSQL jdbc driver
A vulnerability has been fixed in the PostgreSQL jdbc driver for Java. The so-called XML external-entity vulnerability XXE allows a locally authenticated malicious person to execute arbitrary code execute arbitrary code under database privileges. -= Red Hat =- Red Hat has made updates available f...