golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
webkitgtk: processing malicious web content may lead to arbitrary code execution
A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution...
SUSE CVE-1999-0636
The discard service is running...
CVE-2023-38198
acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023...
Updated httpie packages fix security vulnerability
Cookie exposure to third parties CVE-2022-24737...
c-ares: 0-byte UDP payload Denial of Service
A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...
CVE-2023-29402 vulnerabilities
Vulnerabilities for packages: policy-controller, falco, kind...
curl: HSTS ignored on multiple requests
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity...
git security update
1.8.3.1-25 - Fixes CVE-2023-25652 and CVE-2023-29007 - Resolves: 2188354, 2188365...
qt5-qttools bug fix and enhancement update
An update is available for qt5-qttools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
php: OOB read due to insufficient input validation in imageloadfont()
An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...
CVE-2023-31618
An issue in the sqlcuniondtwrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
bind: sending specific queries to the resolver may cause a DoS
A flaw was found in Bind. When the resolver receives many queries requiring recursion, there will be a corresponding increase in the number of clients waiting for recursion to complete. This may, under certain conditions, lead to an assertion failure and a denial of service...
IBM AIX operating system command injection vulnerability
IBM AIX (Advanced Interactive eXecutive) is a UNIX operating system developed by IBM. IBM AIX has a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands...
CVE-2023-23914 affecting package curl 7.86.0-3
CVE-2023-23914 affecting package curl 7.86.0-3. An upgraded version of the package is available that resolves this issue...
CVE-2023-24537
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow...
CVE-2023-24536
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount ...
CVE-2023-25617 OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
SUSE CVE-2004-0381
mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file...
SUSE CVE-2005-3148
StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership...