4175 matches found
PT-2024-28626 · Fedify · Fedify
Name of the Vulnerable Software and Affected Versions: Fedify versions prior to 0.9.2, 0.10.1, or 0.11.1 Description: The issue is related to a Server Side Request Forgery attack. When Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the...
TCP security vulnerability
TCP Transmission Control Protocol is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by IETF RFC 793. A security vulnerability exists in TCP that stems from the protocol having a timed side channel, which allows an attacker to infer the contents o...
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Note On Thursday, June 27, 2024, Cloudflare and Namecheap intervened at a domain level to ensure polyfill.io and its subdomains could not resolve to the compromised service, rendering this vulnerability unexploitable. The following sections describe this vulnerability prior to the domain level...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Fides is an open-source privacy engineering platform. fides.js, a client-side script used to interact with the consent management features of Fides, used the polyfill.io domain in a very limited edge case, when it detected a legacy browser such as IE11 that did not support the fetch standard...
SSSD: Command Injection
Background SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. Description A...
Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici
...
AZL-43669 CVE-2024-39134 affecting package zziplib 0.13.72-3
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the zzipfetchdisktrailer function at /zzip/zip.c...
DEBIAN-CVE-2024-39134
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the zzipfetchdisktrailer function at /zzip/zip.c...
Stack-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow through the zzipfetchdisktrailer function. An attacker can disrupt service and potentially execute arbitrary code by sending specially crafted inputs. Remediation Upgrade zziplib to version 0.13.78 or higher...
Malicious code in discord.js-fetch (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @amops/fetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis d9eb323a3c294832e925d2ed472560ab37507fc32711add225d99db97b08bc74 The OpenSSF Package Analysis project identified '@amops/fetch' @ 1.4.1 npm as malicious. It is considered malicious because: - The package...
OESA-2024-1737 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client...
SUSE CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
DEBIAN-CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
UBUNTU-CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
CVE-2021-47608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...