43 matches found
Internet Bug Bounty: Potential DoS vulnerability in Django in multipart parser
A potential denial-of-service vulnerability was discovered in Django's multipart parser, which could result in too many open files or memory exhaustion. This vulnerability was fixed in Django 3.2.18, 4.0.10, and 4.1.7 by limiting the number of file parts parsed via a new setting. The severity of...
wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSLCALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...
2022.2 IPU - Intel® Processor Advisory
Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to address this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-21233 Description: Improper isolation of shared resources in some IntelR...
ASB-A-233078742
In ioreqinitasync there is a potential use after free due to a race condition. This could lead to local escalation of privileges with User execution privileges needed. User interaction is not needed for exploitation...
java-11-openjdk security update
1:11.0.15.0.9-2 - Add JDK-8284920 fix for XPath regression - Related: rhbz2073422 1:11.0.15.0.9-2 - Remove security items from release notes that were only in 17u and N/A for 11u - Related: rhbz2073422 1:11.0.15.0.9-1 - Update to jdk-11.0.15.0+9 - Update release notes to 11.0.15.0+9 - Switch to G...
java-11-openjdk security update
1:11.0.14.0.9-1.0.1 - link atomic for ix86 build 1:11.0.14.0.9-1 - Update to jdk-11.0.14.0+9 - Update release notes to 11.0.14.0+9 - Switch to GA mode for final release. - This tarball is embargoed until 2022-01-18 @ 1pm PT. - Resolves: rhbz2039366 1:11.0.14.0.8-0.1.ea - Update to jdk-11.0.14.0+8...
java-1.8.0-openjdk security and bug fix update
1:1.8.0.312.b07-1 - Update to aarch64-shenandoah-jdk8u312-b07 EA - Update release notes for 8u312-b07. - Switch to GA mode for final release. - This tarball is embargoed until 2021-10-19 @ 1pm PT. - Resolves: rhbz2011826 1:1.8.0.312.b05-0.3.ea - Add patch to improve performance of common separato...
java-1.8.0-openjdk security and bug fix update
1:1.8.0.312.b07-1 - Update to aarch64-shenandoah-jdk8u312-b07 EA - Update release notes for 8u312-b07. - Switch to GA mode for final release. - This tarball is embargoed until 2021-10-19 @ 1pm PT. - Resolves: rhbz2011826 1:1.8.0.312.b05-0.4.ea - Allow plain key import to be disabled with...
java-1.8.0-openjdk security update
1:1.8.0.292.b10-0 - Update to aarch64-shenandoah-jdk8u292-b10 GA - Update release notes for 8u292-b10. - Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes - Remove RH1868759 patch as this is now resolved upstream by JDK-8258833. - Re-organise S/390...
java-11-openjdk security and enhancement update
1:11.0.8.10-0 - Update to shenandoah-jdk-11.0.8+10 GA - Switch to GA mode for final release. - Update release notes with last minute fix JDK-8248505. - This tarball is embargoed until 2020-07-14 @ 1pm PT. - Resolves: rhbz1838811 1:11.0.8.9-0.0.ea - Update to shenandoah-jdk-11.0.8+9 EA - Update...
X (Formerly Twitter): Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506
Summary: CVSS score: 8.1 / High / CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Embargo notice: Do Not Disclose publicly until https://crbug.com/1083819 is disclosed. Twitter for Android is affected by a UXSS vulnerability due to its configuration of Android WebView and CVE-2020-6506. Vendor...
libxml 2.9.2 Stack Overflow
Hi This is a disclosure of the following issue that was raised a week ago on the distro's mailing list. Both bugs on the gnome bugtracker are currently private and should be made public now. The two attached patches are based off the 2.9.3 libxml2 release. A couple of weeks back while working on ...
CollabNet Subversion Edge Password Hash Leak
Vuln Title: The CollabNet Subversion Edge Management frontend user credential hash leak Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Credential leak Risk: Medium Status: public/fixed Fixed...
CollabNet Subversion Edge tail local file inclusion
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...
CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion Vulnerability
Exploit for linux platform in category web applications Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabN...
CollabNet Subversion Edge Management Show LFI
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via "fileName" parameter of the show action Date: 10.10.2014 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local file...
CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion
CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge...
CollabNet Subversion Edge Management Tail LFI
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "fileName" parameter of the "tail" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Local...
CollabNet Subversion Edge Management Credential Leak
Vuln Title: The CollabNet Subversion Edge Management frontend user credential hash leak Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type: Credential leak Risk: Medium Status: public/fixed Fixed...
CollabNet Subversion Edge Management downloadHook LFI
Vuln Title: Local file inclusion in CollabNet Subversion Edge Management Frontend via logfile "filename" parameter of the "downloadHook" action Date: 28.06.2015 Author: otr Software Link: https://www.open.collab.net/downloads/svnedge Vendor: CollabNet Version: 4.0.11 Tested on: Fedora Linux Type:...