13681 matches found
CVE-2024-24199
smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c...
CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
CVE-2025-25189
The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...
MGASA-2025-0058 Updated subversion packages fix security vulnerability
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. CVE-2024-46901...
AZL-79122 CVE-2025-25199 affecting package golang 1.25.7-1
go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation CNG. Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to cng.TLS1PRF don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41...
CVE-2025-21698
In the Linux kernel, the following vulnerability has been resolved: Revert "usb: gadget: userial: Disable ep before setting port to null to fix the crash caused by port being null" This reverts commit 13014969cbf07f18d62ceea40bd8ca8ec9d36cec. It is reported to cause crashes on Tegra systems, so...
CVE-2024-57952
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtreealloccyclic stores the next offset value to return in octx-nextoffset. This mechanism typically returns values that...
DEBIAN-CVE-2024-57952
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtreealloccyclic stores the next offset value to return in octx-nextoffset. This mechanism typically returns values that...
CVE-2024-57952
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtreealloccyclic stores the next offset value to return in octx-nextoffset. This mechanism typically returns values that...
CVE-2024-57952 Revert "libfs: fix infinite directory reads for offset dir"
In the Linux kernel, the following vulnerability has been resolved: Revert "libfs: fix infinite directory reads for offset dir" The current directory offset allocator based on mtreealloccyclic stores the next offset value to return in octx-nextoffset. This mechanism typically returns values that...
Access Control Bypass
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass enabling the bypass of a security feature. Remediation There is no fixed version for magento/project-community-edition...
Access Control Bypass
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation There is no fixed version for...
Improper Check for Unusual or Exceptional Conditions
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions enabling the bypass of a security feature. Remediation There is no fixed version for...
Access Control Bypass
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Access Control Bypass that could enable a privileged attacker to escalate privileges. Remediation There is no fixed version for...
Information Exposure
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Information Exposure which could allow a privileged attacker to escalate privileges. Remediation There is no fixed version for...
Astra Linux – Vulnerability in llvm-toolchain-15
It was discovered that the commit fdbc55a5 from the llvm-project contains a segmentation fault due to the component mlir::IROperandmlir::OpOperand...
Astra Linux – Vulnerability in llvm-toolchain-15
It was discovered that the commit bd456297 from the llvm-project contains a segmentation fault due to the component mlir::Block::getArgument...
Astra Linux – Vulnerability in llvm-toolchain-15
It was discovered that the commit a0138390 from the llvm-project contains a segmentation fault due to the component mlir::spirv::TargetEnv::TargetEnvmlir::spirv::TargetEnvAttr...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ubifs: Authentication: Fixed a use-after-free in ubifstncendcommit. After an insertion in TNC, the tree may split, causing a node to change its znode-parent. Further deletions of other nodes in the tree which could also free thos...