Lucene search
K

3153 matches found

OSV
OSV
added 2023/09/14 8:15 p.m.5 views

AZL-28777 CVE-2023-32643 affecting package glib for versions less than 2.71.0-4

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initi...

7.8CVSS7AI score0.00399EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2023/08/30 12:0 a.m.33 views

electron24 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...

8.8CVSS8.4AI score0.3398EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2023/08/30 12:0 a.m.29 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428...

8.1CVSS8.7AI score0.3398EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/07/31 10:2 p.m.12 views

Silverstripe has Cross-site Scripting (XSS) vulnerabilities inherited from TinyMCE

TinyMCE 4.x is vulnerable to several XSS vectors, which had been patched in later versions. Two of these have been identified as affecting silverstripe/admin. Only Silverstripe CMS 4 is affected by this issue. It's not possible to upgrade Silverstripe CMS 4 to use a more recent release of TinyMCE...

6.2AI score
Exploits0References5Affected Software1
FreeBSD
FreeBSD
added 2023/07/12 12:0 a.m.33 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3422. Security: backported fix for CVE-2023-3421. Security: backported fix for CVE-2023-3420...

8.8CVSS7AI score0.56192EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2023/06/14 12:0 a.m.48 views

electron24 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933. Security: backported fix for CVE-2023-2932. Security: backported fix for CVE-2023-2931. Security: backported fix for CVE-2023-2936...

8.8CVSS7AI score0.32724EPSS
Exploits4References8
FreeBSD
FreeBSD
added 2023/06/14 12:0 a.m.38 views

electron23 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079. Security: backported fix for CVE-2023-2933...

8.8CVSS7AI score0.32724EPSS
Exploits5References11
FreeBSD
FreeBSD
added 2023/06/14 12:0 a.m.38 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2723. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079...

8.8CVSS7AI score0.32724EPSS
Exploits5References11
UbuntuCve
UbuntuCve
added 2023/06/07 12:0 a.m.28 views

CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...

7.5CVSS6.8AI score0.0078EPSS
Exploits0References4
OSV
OSV
added 2023/06/01 3:0 p.m.6 views

CLSA-2023-1685631644 dhcp: Fix of 2 CVEs

CVE-2022-2928: option refcount overflow when leasequery is enabled leading to dhcpd abort - CVE-2022-2929: DHCP memory leak - Backported tests from upstream, for this and other CVEs...

6.5CVSS5.9AI score0.00664EPSS
Exploits0References1
OSV
OSV
added 2023/06/01 2:27 p.m.6 views

CLSA-2023-1685629665 dhcp: Fix of 2 CVEs

CVE-2022-2928: option refcount overflow when leasequery is enabled leading to dhcpd abort - CVE-2022-2929: DHCP memory leak - Backported tests from upstream, for this and other CVEs...

6.5CVSS6.8AI score0.00664EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/05/18 12:12 p.m.53 views

Moderate: Red Hat Security Advisory: Red Hat build of Cryostat 2.3.0: new RHEL 8 container images

New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images are now available New Red Hat build of Cryostat 2.3.0 on RHEL 8 container images have been released, adding a variety of features and bug fixes. Users of the Red Hat build of Cryostat 2.2.1 on RHEL 8 container images are advised to...

7.5CVSS6.8AI score0.04561EPSS
Exploits0References8
NVD
NVD
added 2023/04/08 11:15 p.m.13 views

CVE-2023-30450

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

4.3CVSS4.6AI score0.00594EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2023/03/28 3:41 a.m.3 views

Apple Issues Urgent Security Update for Older iOS and iPadOS Models

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529 , concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant wi...

8.8CVSS6.8AI score0.09426EPSS
Exploits0
Mageia
Mageia
added 2023/03/18 10:16 p.m.59 views

Updated heimdal packages fix security vulnerability

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to b...

7.5CVSS2.2AI score0.00491EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/03/08 4:1 a.m.5 views

SUSE CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.6AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2023/03/06 11:15 p.m.6 views

AZL-25604 CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/02/20 12:40 p.m.41 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

Updated Cryostat 2 on RHEL 8 container images are now available The Cryostat 2 on RHEL 8 container images have been updated to fix "CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key" and to address the following security advisory: RHSA-2023:0625 see References Users of...

9.3CVSS7.4AI score0.02737EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.5 views

SUSE CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service system crash via certain actions on an ext3 file system with extended attributes enabled...

2.1CVSS6.4AI score0.00377EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.2 views

SUSE CVE-2017-1000394

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...

7.5CVSS7.7AI score0.01146EPSS
Exploits0References3
Rows per page
Query Builder