24 matches found
PT-2026-56158
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...
PT-2026-56159
Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...
PT-2026-56151
Name of the Vulnerable Software and Affected Versions Excelize versions prior to 2.11.0 Description The checkSheet function in the library uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Excel row limit. A...
Important: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.5.3 release
Red Hat OpenShift distributed tracing platform Jaeger 3.5.3 has been released This release of the Red Hat OpenShift distributed tracing platform Jaeger provides security improvements. Breaking changes: Nothing Deprecations: Nothing Technology Preview features: Nothing Enhancements: Nothing Bug...
MGASA-2025-0211 Updated redis packages fix security vulnerabilities
Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potential...
Updated redis packages fix security vulnerabilities
Updated redis packages to a more recent version to fix security vulnerabilities: Some vulnerabilities have been discovered and fixed. Please note this update is from 7.0 to 7.2 which brings some potentially breaking changes. In most cases this update could be installed without problems. Potential...
SUSE SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2025:01991-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01991-1 advisory. grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: - Security issues fixed: CVE-2025-4123: Fix cross-site scriptin...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
SUSE-SU-2025:0545-1 Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 jscPED-11591,jscPED-11649: - Security issues fixed: CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto bsc1234554 CVE-2023-3128: Fixed...
Simulation of Wasmd message can cause crashing
CWA-2024-009 Severity Low Marginal + Likely^1 Affected versions: - wasmd 0.53.1 Patched versions: - wasmd 0.53.2 please note that wasmd 0.53.1 is broken and must not be used Description of the bug Blank for now. We'll add more detail once chains had a chance to upgrade. Mitigations Apart from...
Fedora 40 : uv (2024-075f626765)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-075f626765 advisory. Update uv from 0.4.30 to 0.5.5. This is a significant update. Please see the following notes. ---- By updating to a current release of uv, this update fixes...
SUSE CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
Impact One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...
GHSA-494H-9924-XWW9 Pterodactyl Wings vulnerable to improper isolation of server file access
Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory sandbox root is...
SUSE: Security Advisory (SUSE-SU-2023:3867-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-2HM9-H873-PGQH OpenFGA Vulnerable to DoS from circular relationship definitions
Overview OpenFGA is vulnerable to a DoS attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Am I Affected? Yes, if your store contains an...
SUSE-SU-2023:3868-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnarability...
SUSE-SU-2023:3867-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Security issues fixed: CVE-2022-32149: Fix denial of service vulnerability bsc1204501 CVE-2022-41723: Fix uncontrolled resource consumption bsc1208270 CVE-2022-46146: Fix authentication bypass vulnarability...
RUSTSEC-2022-0070 Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Because of incorrect bounds on method Secp256k1::preallocatedgennew it was possible to cause use-after-free from safe consumer code. It was also possible to "free" memory not allocated by the appropriate allocator. The method takes a place for storing the context as a mutable reference and return...
PT-2022-24912 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 0.2.4 Description: OpenFGA is an authorization/permission engine. The issue concerns authorization bypass under certain conditions, specifically when a relation is defined as a tupleset involving anything other than ...