Linux Distros Unpatched Vulnerability : CVE-2021-28713
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Rogue backends can cause DoS of guests via high frequency events. This CNA information record relates to multiple CVEs; the text explains which...
Linux Distros Unpatched Vulnerability : CVE-2021-28712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Rogue backends can cause DoS of guests via high frequency events. This CNA information record relates to multiple CVEs; the text explains which...
Linux Distros Unpatched Vulnerability : CVE-2020-12862
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important informatio...
GHSA-J7JW-28JM-WHR6 lakeFS allows an authenticated user to cause a crash by exhausting server memory
Impact: An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches: This problem has been patched and exists in versions 1.49.1 and below. Workarounds: On S3 backends, configure yaml ... blockstore: s3: disablepresignedmultipart: true...
lakeFS allows an authenticated user to cause a crash by exhausting server memory
Impact: An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches: This problem has been patched and exists in versions 1.49.1 and below. Workarounds: On S3 backends, configure yaml ... blockstore: s3: disablepresignedmultipart: true...
CVE-2025-24961 Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy
org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this...
PYSEC-2024-158
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
DEBIAN-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
UBUNTU-CVE-2024-21543
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...
Authentication Bypass
Overview: djoser is a REST implementation of the Django authentication system. Affected versions of this package are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid...
CVE-2024-45402
Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occu...
CVE-2024-45402 Picotls double free
Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occu...
CVE-2024-45402
CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...
RHSA-2021:1744 Red Hat Security Advisory: sane-backends security update
Bulletin has no description...
RHSA-2020:3045 Red Hat Security Advisory: sane-backends security update
Bulletin has no description...
RHSA-2020:2967 Red Hat Security Advisory: sane-backends security update
Bulletin has no description...
RHSA-2020:2902 Red Hat Security Advisory: sane-backends security update
Bulletin has no description...
CLSA-2024-1724706840 httpd: Fix of 8 CVEs
CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a...
Open edX Platform Security Vulnerability
Open edX Platform is an open source course management system (CMS) from Open edX Open Source. The system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. A security vulnerability exists in Open edX Platform that stems from the fact that for certain...