Code injection
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
pcs security update
0.10.15-4.0.1.el88.1 - Replace HAM-logo.png with a generic one 0.10.15-4.el88.1 - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was broken since Pacemaker-2.1.5-rc1 - Updated bundled rubygem...
deployAndExecute() function in Factory should be payable
Lines of code Vulnerability details deployAndExecute function in Factory should be payable The deployAndExecute function fails to consider ETH payments that may need to be forwarded to the wallet's execute function. Impact The deployAndExecute function present in the AmbireAccountFactory can be...
USN-6105-2 ca-certificates update
USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version o...
USN-6105-1 ca-certificates update
The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle...
GHSA-8J28-34QQ-GMCH Apache Sling Commons JSON bundle vulnerable to Improper Input Validation
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. The org.apache.sling.commons.json bundle has been...
CVE-2022-47937 Multiple parsing problems in the Apache Sling Commons JSON module
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to conside...
CVE-2022-47937
CVE-2022-47937 concerns the Apache Sling Commons JSON bundle. The vulnerability arises from improper input validation in the org.apache.sling.commons.json component, allowing a network attacker to trigger unexpected errors by sending specially crafted input. The bundled library is deprecated (sin...
CVE-2022-47937 Multiple parsing problems in the Apache Sling Commons JSON module
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to conside...
PT-2023-23178 · Collabora · Collabora Online
Name of the Vulnerable Software and Affected Versions: Collabora Online versions prior to 22.05.13 Collabora Online versions prior to 21.11.9 Collabora Online versions prior to 6.4.27 Description: This issue describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations...
PT-2023-15535 · Apache · Apache Sling Commons Json
Name of the Vulnerable Software and Affected Versions: Apache Sling Commons JSON bundle affected versions not specified Description: The issue is related to improper input validation, allowing an attacker to trigger unexpected errors by supplying specially-crafted input. The...
Collabora Online Cross-Site Scripting Vulnerability
Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A cross-site scripting vulnerability exists in Collabora Online versions 22.05.13, 21.11.9, and 6.4.27, which stems from th...
CSV Injection
pimcore/customer-management-framework-bundle is vulnerable to CSV Injection. The vulnerability exists because the getExportData function of AbstractExporter.php does not properly escape CSV records in the Firstname, Lastname, Street, Zip & City input fields, which allows an attacker to inject and...
kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service...
kernel: xfrm_expand_policies() in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). An error while resolving policies in xfrm_bundle_lookup causes the refcount to drop twice, leading to a possible crash and a denial of service...
CVE-2010-2772
creationtimestamp | type | source
---|---|---
2023-05-05 17:24:10+00:00 | seen | https://t.me/jokerplstaeen/16429
2024-02-13 19:17:18+00:00 | seen | https://t.me/ctinow/184058
2025-02-06 02:42:29+00:00 | seen | Telegram/dhIHklMvD33Tew2u1WOFp8u5gkviinTl7Ybo1wjtK65G60
2025-06-23 06:51:37+00:00 | seen | ...
Directory Traversal
contao/contao and contao/core-bundle are vulnerable to Directory Traversal. The vulnerability exists in DCFolder.php which allows an attacker to list files outside the document root in the file manager...
UBUNTU-CVE-2023-2006
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context ...
CVE-2023-1393
creationtimestamp | type | source
---|---|---
2023-03-31 00:31:47+00:00 | seen | https://t.me/cibsecurity/61207
2026-01-21 21:18:16+00:00 | seen | https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875...
nss: Arbitrary memory write via PKCS 12
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...