665 matches found
UBUNTU-CVE-2020-36659
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-160...
CVE-2020-36658
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix...
CVE-2022-46792
Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are 2.10.2, 2.11.3, 2.12.1, 2.13.2, 2.14.1, and 2.15.2. Versions before 2.10.0 are unaffected...
Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5633-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5633-1 advisory. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-...
SUSE-SU-2022:2614-2 Security update for dwarves and elfutils
This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 jscSLE-24501: - elfclassify: New tool to analyze ELF objects. - readelf: Print DWATdatamemberlocation as decimal offset. Decode DWATdiscrlist block attributes. - libdw: Add DWATGNUnumerator,...
[SECURITY] Fedora 36 Update: golang-github-ledisdb-0.6-6.20210112gitd35789e.fc36
Ledisdb is a high-performance NoSQL database library and server written in Go. It's similar to Redis but store data in disk. It supports many data structures including kv, list, hash, zset, set. LedisDB now supports multiple different databases as backends...
Important: kernel
Issue Overview: Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend...
DEBIAN-CVE-2020-16093
In LemonLDAP::NG aka lemonldap-ng through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used...
Sensitive Information Disclosure
Xen is vulnerable to Sensitive Information Disclosure. Linux block table does not zero memory regions before sharing with the backend, leading to information disclosure. Additionally, the grant table only shares 4k pages, leading to unrelated data from different backends residing in the same page...
UBUNTU-CVE-2022-33741
Linux disk/nic frontends data leaks This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
NestJS Proxy 信息泄露漏洞
NestJS Proxy is a Finastra open source NestJS module for decorating and proxying calls. A security vulnerability exists in NestJS Proxy versions prior to 0.7.0 that stems from the nestjs-proxy library's inability to control when an authorization header should be forwarded for a specific backend...
PT-2022-19455 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The implementation of tf.raw ops.SpaceToBatchND is vulnerable to an integer overflow. Thi...
NewStart CGSL MAIN 6.02 : sane-backends Vulnerability (NS-SA-2022-0058)
The remote NewStart CGSL host, running version MAIN 6.02, has sane-backends packages installed that are affected by a vulnerability: - A NULL pointer dereference in saneiepsonnetread in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to caus...
EulerOS 2.0 SP8 : sane-backends (EulerOS-SA-2022-1587)
According to the versions of the sane-backends packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to re...
Huawei EulerOS: Security Advisory for sane-backends (EulerOS-SA-2022-1587)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-24837
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
CVE-2022-24837 Enumerable upload file names in hedgedoc
HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes an...
Huawei EulerOS: Security Advisory for sane-backends (EulerOS-SA-2022-1362)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : sane-backends (EulerOS-SA-2022-1362)
According to the versions of the sane-backends packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5338-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5338-1 advisory. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1...