664 matches found
BIT-SUPERSET-2023-42501 Apache Superset: Unnecessary read permissions within the Gamma role
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version or above 2.1.2 and run superset init to reconstruct the Gamma role or remove canre...
CVE-2025-22828
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
CVE-2025-22828
CVE-2025-22828 affects Apache CloudStack 4.16.0 and later. An access validation issue lets users with access or prior knowledge of resource UUIDs list or add comments (annotations) on resources they are authorized to access, potentially reading or injecting comments that could disclose privileged...
CVE-2025-22828 Apache CloudStack: Unauthorised access to annotations
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
CVE-2025-22828 Apache CloudStack: Unauthorised access to annotations
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
[SECURITY] Fedora 40 Update: php-tcpdf-6.8.0-1.fc40
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
[SECURITY] Fedora 41 Update: php-tcpdf-6.8.0-1.fc41
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
PT-2025-34631 · Libbiosig +1 · Libbiosig +1
Name of the Vulnerable Software and Affected Versions: libbiosig versions 3.9.0 and Master Branch 35a819fa Description: A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality. A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An...
UBUNTU-CVE-2024-56676
In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with free Variables annotated with free need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed ...
Misskey 安全漏洞
Misskey is a permanently free open source federated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 2024.10.1 and earlier, which stems from an undetected proxy loop that allows a remote participant to perform a self-propagating...
kernel: packet: annotate data-races around ignore_outgoing
In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignoreoutgoing ignoreoutgoing is read locklessly from devqueuexmitnit and packetgetsockopt Add appropriate READONCE/WRITEONCE annotations. syzbot reported: BUG: KCSAN: data-race in devqueuexmitn...
[SECURITY] Fedora 41 Update: php-tcpdf-6.7.7-1.fc41
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
[SECURITY] Fedora 39 Update: php-tcpdf-6.7.7-1.fc39
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
jetty-annotations-9.4.56-2.1 on GA media (moderate)
jetty-annotations-9.4.56-2.1 on GA media Announcement ID: openSUSE-SU-2024:14408-1 Rating: moderate Cross-References: CVE-2024-8184 CVSS scores: CVE-2024-8184 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-8184 SUSE : 6.9...
OPENSUSE-SU-2024:14408-1 jetty-annotations-9.4.56-2.1 on GA media
These are all security issues fixed in the jetty-annotations-9.4.56-2.1 package on the GA media of openSUSE Tumbleweed...
This Week in Spring - October 8th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...
From Spring Framework 6.2 to 7.0
Dear Spring community, Spring Framework 6.2 is shaping up for general availability in November 2024, with particularly significant revisions in the core container and in our web support: see "What's New in Spring Framework 6.2". This release is designed for use with JDK 17-23 and Jakarta EE 9-10...
This Week in Spring - September 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not...
GO-2023-2079 Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations in github.com/cilium/cilium...
Improper Authorization
org.springframework.security, spring-security-core is vulnerable to Improper Authorization. The vulnerability is caused due to a missing Authorization when using @AuthorizeReturnObject. This allows attacker to render security annotations inaffective...