2496 matches found
ROS-20240402-09
A vulnerability in the login_password component of the FreeIPA server is related to the sending of user requests that can perform actions on behalf of the user. Exploitation of the vulnerability could allow an attacker acting remotely to cause a loss of system confidentiality and integrity...
CVE-2024-29489
Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type...
SUSE CVE-2024-2494
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being...
SUSE CVE-2024-27936
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, a maliciously crafted permission request can show a spoofed permission prompt by inserting a broken ANSI escape sequence into the request...
SUSE CVE-2024-2611
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
[SECURITY] Fedora 38 Update: mingw-expat-2.6.1-1.fc38
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
CVE-2024-22412
ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles...
CVE-2024-23672 vulnerabilities
Vulnerabilities for packages: tomcat...
SUSE CVE-2023-52514
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
cups: heap buffer overflow may lead to DoS
A flaw was found in the Cups package. A buffer overflow vulnerability in the format_log_line function could allow remote attackers to cause a denial of service. Exploitation is only possible when the configuration file, cupsd.conf, has the value of loglevel set to DEBUG...
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: kine, src, caddy, spicedb, step, argo-workflows, kots, temporal-server, trillian, k3s, kube-bench, step-ca, amass, ferretdb...
SUSE CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames...
SUSE CVE-2022-48624
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE...
SUSE CVE-2024-20925
unknown...
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: ctop, cadvisor, buildkitd, podman, runc, newrelic-infrastructure-agent, zot, grype, nerdctl, k3s, kubernetes, kubescape, zarf, skopeo, skaffold, k3d, wolfictl, docker, kaniko, kots, syft, datadog-agent, k9s, trivy...
Moderate: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
SUSE CVE-2023-35057
An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability...
CVE-2022-3328
Race condition in snap-confine's must_mkdir_and_open_with_perms...
CVE-2023-43813
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...