
1719 matches found

Positive Technologies
added 2024/03/20 12:0 a.m. · 2 views

PT-2024-40905 · Yaml-Rust · Yaml-Rust

Name of the Vulnerable Software and Affected Versions: yaml-rust, affected versions not specified. Description: The maintainer of yaml-rust seems unreachable, with many issues and pull requests submitted over the years without any response. Recommendations: Consider switching to the actively...

AI score 6.9
Exploits 0 · References 4

OSV
added 2024/03/15 10:32 p.m. · 15 views

CVE-2024-28859 Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency

Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...

CVSS 5 · AI score 6.6 · EPSS 0.05107
Exploits 1 · References 4

Atlassian
added 2024/03/07 2:45 p.m. · 43 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server

This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...

CVSS 7.5 · AI score 7 · EPSS 0.00454
Exploits 0

OSV
added 2024/03/06 11:23 a.m. · 17 views

BIT-GITLAB-2020-13270

Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...

CVSS 8.8 · AI score 8.3 · EPSS 0.00358
Exploits 0 · References 4

OSV
added 2024/03/06 11:19 a.m. · 17 views

BIT-GITLAB-2021-22229

An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by a project member...

CVSS 7.5 · AI score 7.1 · EPSS 0.002
Exploits 0 · References 3

OSV
added 2024/03/06 11:2 a.m. · 17 views

BIT-GITLAB-2023-3920 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00319
Exploits 0 · References 3

CNNVD
added 2024/03/06 12:0 a.m. · 3 views

Jenkins Bitbucket Branch Source Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 6.3 · AI score 6.8 · EPSS 0.00033
Exploits 0 · References 3

Vulnrichment
added 2024/02/27 6:40 p.m. · 13 views

CVE-2020-36776 thermal/drivers/cpufreq_cooling: Fix slab OOB issue

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreq_cooling: Fix slab OOB issue. Slab OOB issue is scanned by KASAN in cpu_power_to_freq. If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index...

AI score 6.7 · EPSS 0.00018
Exploits 0 · References 4

0day.today
added 2024/01/29 12:0 a.m. · 251 views

Chrome 121 Javascript Fork Malloc Bomb Exploit

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash. Searching the web for javascript fork malloc bomb returns results, e.g. here1: and here2: We got a javascript fork malloc bomb which crashed Chrome 121 on linux with SIGILL and abou...

AI score 7.4
Exploits 0

Fedora
added 2023/12/15 7:4 p.m. · 20 views

[SECURITY] Fedora 39 Update: PyDrive2-1.18.0-1.fc39

Google Drive API Python wrapper library. Maintained fork of PyDrive...

CVSS 7.8 · AI score 7 · EPSS 0.00107
Exploits 1

OSV
added 2023/12/15 4:15 p.m. · 1 view

UBUNTU-CVE-2023-3511

An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge requests to private projects they're not a...

CVSS 3.5 · AI score 5.7 · EPSS 0.0002
Exploits 0 · References 2

CNNVD
added 2023/12/15 12:0 a.m. · 1 view

GitLab Security Breach

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from a security vulnerability that stems from the fact that...

CVSS 3.5 · AI score 7 · EPSS 0.0002
Exploits 0 · References 3

Code423n4
added 2023/12/08 12:0 a.m. · 7 views

Replay Attack because EIP712 DOMAIN_SEPARATOR stored as immutable

Lines of code. Vulnerability details. Impact: Loss of funds due to replay attacks. Approvals made on one chain could be replayed when there is a fork without owner's consent. Proof of Concept: The issue is in the ERC1155PermitSignatureExtension.sol which is inherited by the OceanERC1155.sol and...

AI score 6.8
Exploits 0

Hacker One
added 2023/11/17 12:15 p.m. · 28 views

Hyperledger: CVE-2023-46132

A vulnerability was discovered in which the way transactions were hashed in Fabric blockchain blocks allowed an attacker to manipulate the transaction data while keeping the block hash unchanged. This could enable an adversary to fork the blockchain network state through malicious blocks that...

CVSS 7.1 · AI score 6.3 · EPSS 0.00179
Exploits 1

SUSE CVE
added 2023/11/16 1:54 a.m. · 2 views

SUSE CVE-2023-46121

yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...

CVSS 3.7 · AI score 7 · EPSS 0.00095
Exploits 0 · References 4

Fedora
added 2023/11/15 2:1 a.m. · 26 views

[SECURITY] Fedora 37 Update: frr-8.5.3-1.fc37

FRRouting is free software that manages TCP/IP based routing protocols. It takes a multi-server and multi-threaded approach to resolve the current complexity of the Internet. FRRouting supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. FRRouting is a fork of Quagga...

CVSS 9.1 · AI score 7.2 · EPSS 0.05648
Exploits 3

OSV
added 2023/11/15 12:15 a.m. · 0 views

UBUNTU-CVE-2023-46121

yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie...

CVSS 5 · AI score 5.9 · EPSS 0.00095
Exploits 0 · References 5

RustSec
added 2023/11/13 12:0 p.m. · 1 view

`loopdev` crate is unmaintained; use `loopdev-3` instead.

The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...

AI score 7.1
Exploits 0

OSV
added 2023/11/13 12:0 p.m. · 3 views

RUSTSEC-2023-0088 `loopdev` crate is unmaintained; use `loopdev-3` instead.

The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...

AI score 7.1
Exploits 0 · References 3

OSV
added 2023/09/29 9:15 a.m. · 0 views

UBUNTU-CVE-2023-3413

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to...

CVSS 7.5 · AI score 5.8 · EPSS 0.00221
Exploits 0 · References 2