106 matches found
CVE-2023-52925 netfilter: nf_tables: don't fail inserts if duplicate has expired
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044intervaloverlap0 Expected: 0-2 . 0-3, got: W: FAILED ./testcases/sets/0044intervaloverlap0: got 1 Insertion...
CVE-2024-29891
ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in th...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch [CVE-2024-31583]
Summary IBM Watson Speech Services Cartridge is vulnerable to a a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component. CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please re...
RHSA-2025:0377 Red Hat Security Advisory: Security and bug fixes for NetworkManager
Bulletin has no description...
SUSE-SU-2024:4301-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency bsc1233856 Other fixes: - Update to 18.20.5 esm: mark import attributes and JSON module as stable deps: + upgrade npm to 10.8.2 + update simdutf to 5.6.0 +...
BELL-CVE-2024-50017
Bulletin has no description...
RHSA-2017:3485 Red Hat Security Advisory: rh-ruby24-ruby security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2010:0958 Red Hat Security Advisory: kernel-rt security and bug fix update
Bulletin has no description...
OPENSUSE-SU-2024:13223-1 libmca_common_dstore1-3.2.3-11.1 on GA media
These are all security issues fixed in the libmcacommondstore1-3.2.3-11.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12995-1 librnp0-0.16.3-1.1 on GA media
These are all security issues fixed in the librnp0-0.16.3-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-65PC-76PQ-PVF5 Duplicate Advisory: Pebble service manager's file pull API allows access by any user
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references. Original Description It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed...
SUSE-SU-2023:4736-1 Security update for tiff
This update for tiff fixes the following issues: - CVE-2023-2731: Fix null pointer deference in LZWDecode bsc1211478. - CVE-2023-1916: Fix out-of-bounds read in extractImageSection bsc1210231. - CVE-2023-26965: Fix heap-based use after free in loadImage bsc1212398. - CVE-2022-40090: Fix infinite...
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
Atlassian has released software fixes to address four critical flaws in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471 CVSS score: 9.8 - Deserialization vulnerability in SnakeYAML library that can lead to...
MGASA-2023-0327 Updated mariadb packages fix a security vulnerability
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL Server. Additonally a whole bunch of fixes to InnoDB, Replication, Optimizer, Galera, Spider, Backup,... have been applied. See the official release not...
SA40054 - 2015-09: Security Advisory: Secure Meeting (Pulse Collaboration) issue may allow authenticated users to bypass meeting authorization (CVE-2015-7323)
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. An authorization bypass issue has been discovered in Secure Meeting Pulse Collaboration. This issue could allow an authenticated user to log into meetings that they do not have...
Security Bulletin: IBM Sterling Order Management Jave vulnerability
Summary Java SE related to the 2D component could allow a remote attacker Vulnerability Details CVEID:CVE-2014-0459 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service. CVSS Base score: 4.3 CVSS Tempora...
PT-2022-8237 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The provided information does not contain details about a specific vulnerability. It appears to be a notification about a rejected CVE candidate number, CVE-2019-20283, with ...
OPENSUSE-SU-2022:10073-1 Security update for chromium
This update for chromium fixes the following issues: Chromium was updated to 103.0.5060.134 boo1201679: CVE-2022-2477 : Use after free in Guest View CVE-2022-2478 : Use after free in PDF CVE-2022-2479 : Insufficient validation of untrusted input in File CVE-2022-2480 : Use after free in Service...
SUSE-SU-2022:0930-2 Security update for qemu
This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd bsc1195161. - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device bsc1192525. Non-security fixes: - Fixed a kernel data corruption via a long kernel bo...
OPENSUSE-SU-2022:0114-1 Security update for chromium
This update for chromium fixes the following issues: Updated Chromium to 100.0.4896.127 boo1198509 - CVE-2022-1364: Type Confusion in V8 - Various fixes from internal audits, fuzzing and other initiatives...