375 matches found
Important: nodejs20
Issue Overview: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values...
Important: kernel-livepatch-6.1.94-99.176
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error CVE-2024-41087 Affected Packages: kernel-livepatch-6.1.94-99.176 Issue Correction: Please ensure you have live patching enabled. Run dnf update...
Important: python-jinja2
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to...
Important: ansible-core
Issue Overview: Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker...
Google Chrome Security Update (stable-channel-update-for-desktop_14-2025-01) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Medium: nodejs
Issue Overview: Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string. CVE-2024-21538 Affected...
Important: dotnet6.0
Issue Overview: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43484 .NET and Visual Studio Denial of Service Vulnerability CVE-2024-43485 Affected Packages: dotnet6.0 Issue...
Important: dotnet8.0
Issue Overview: .NET and Visual Studio Remote Code Execution Vulnerability CVE-2024-38229 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability CVE-2024-43484 .NET and Visual Studio Denial of...
Medium: python-pip
Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
Security Bulletin: A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks (CVE-2023-50314)
Summary A security vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation which may result in spoofing attacks. WebSphere Application Liberty is used by IBM Robotic Process Automation as part of Antivirus and Abbyy containers as well as UMS. This bulletin...
Low: unbound
Issue Overview: unbound: NULL Pointer Dereference in Unbound CVE-2024-43167 unbound: Heap-Buffer-Overflow in Unbound CVE-2024-43168 Affected Packages: unbound Issue Correction: Run dnf update unbound --releasever 2023.6.20241111 or dnf update --advisory ALAS2023-2024-760 --releasever...
Important: expat
Issue Overview: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Considering the tradeoff between the stability of Amazon Linux and the impact of CVE-2023-52425...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The twisted.web.util.redirectTo function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected...
Medium: openssl
Issue Overview: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause...
Medium: orc
Issue Overview: Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. CVE-2024-40897...
Low: gdb
Issue Overview: GNU gdb GDB 13.0.50.20220805-git was discovered to contain a stack overflow via the function adadecode at /gdb/ada-lang.c. CVE-2023-39128 GNU gdb GDB 13.0.50.20220805-git was discovered to contain a heap use after free via the function addpeexportedsym at /gdb/coff-pe-read.c...
Low: runc
Issue Overview: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between t...
KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024
KB5046400: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: October 8, 2024 IMPORTANT This update will not be offered if your Windows Recovery Environment WinRE meets any of the following conditions: If the WinRE recovery partition does not have sufficient free space, se...
KB5046399: Windows Recovery Environment update for Windows Server 2022: October 8, 2024
KB5046399: Windows Recovery Environment update for Windows Server 2022: October 8, 2024 IMPORTANT This update will not be offered if your Windows Recovery Environment WinRE meets any of the following conditions: If the WinRE recovery partition does not have sufficient free space, see the NOTE in...
Vulnerability in Tencent WeChat custom browser could lead to remote code execution
Certain versions of WeChat, a popular messaging app created by tech giant Tencent, contain a type confusion vulnerability that could allow an adversary to execute remote code. While this issue, CVE-2023-3420, was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component wa...