1719 matches found
[SECURITY] Fedora 37 Update: yt-dlp-2023.07.06-1.fc37
yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...
[SECURITY] Fedora 38 Update: yt-dlp-2023.07.06-1.fc38
yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...
aldryn-django (>=4.2.10.0 <=4.2.18.0), alertwise (=1.0.0) +114 more potentially affected by CVE-2023-36053 via django (>=4.2.0 <=4.2.29)
django PYPI version =4.2.0, =4.2.10.0, =65.10.0, =7.5.1, =1.0.2, =0.0.1, =1.3.9, =0.4.0, =0.0.1, =4.16.2, =4.8.0, =0.0.4.dev0, =8.0.0, =8.5.1 and more Source cves: CVE-2023-36053 Source advisory: OSV:GHSA-JH3W-4VVF-MJGR...
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
Summary: The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity: The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation: Upgrade to = 1.9.22.noko2. Credit: This vulnerability was reporte...
PT-2023-23164 · Nextcloud · Nextcloud Cookbook
Name of the Vulnerable Software and Affected Versions: NextCloud Cookbook versions prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch Description: The issue concerns a command injection vulnerability due to the use of an untrusted github.head_ref field in t...
kernel: s390: fix double free of GS and RI CBs on fork() failure
In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blocks are stored in the thread_struct of the associated task. These pointers are initially copied on fork...
PT-2025-25916 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A double free vulnerability in the Linux kernel on s390 architecture occurs when the fork system call fails after the initial task duplication and before the copy thread function is...
UBUNTU-CVE-2023-0485
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff wit...
CVE-2023-0485
Removed by vendor...
CVE-2023-0485
An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff wit...
PT-2023-16297 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 13.11 through 15.8.4 GitLab versions 15.9 through 15.9.3 GitLab versions 15.10 through 15.10.0 Description: An issue has been discovered in GitLab where a project member demoted to a user role could read project updates by doi...
CVE-2023-24824 Quadratic complexity may lead to a denial of service in cmark-gfm
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads...
CVE-2023-24824
CVE-2023-24824 affects cmark-gfm (GitHub’s fork of cmark) in C, where quadratic/polynomial parsing complexity can exhaust resources and cause DoS when processing inputs that begin with many ‘>’ or ‘-’. The issue is mitigated by upgrading to upstream 0.29.0.gfm.10; downstream ecosystems (e.g., ...
OESA-2023-1186 libfastjson security update
libfastjson is a fork from json-c, and is currently under development. The aim of this is not to provide a slightly modified clone of json-c. Its aim is to provide: a small library with essential json handling functions, sufficiently good json support not 100% standards compliant, be very fast i...
PT-2023-20683 · Unknown · Cocos Engine
Name of the Vulnerable Software and Affected Versions: Cocos Engine affected versions not specified Description: The issue concerns a command injection vulnerability in the web-interface-check.yml file of the Cocos Engine GitHub repository. This file was triggered by pull requests and contained a...
RUSTSEC-2023-0020 const-cstr is Unmaintained
Last release was about five years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. No direct fork exists. const-cstr is...
GSD-2023-1002420 aio: fix mremap after fork null-deref
aio: fix mremap after fork null-deref This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.306 by commit...
GSD-2023-1002402 aio: fix mremap after fork null-deref
aio: fix mremap after fork null-deref This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.232 by commit 4326d0080f7e84fba775da41d158f46cf9d3f1c...
Ethos still using LUSD (not ERN) will lead to confusion and ambiguity of the protocol resulting uncountable risk for the project
Lines of code Vulnerability details Impact Ethos still using LUSD not ERN will lead to confusion and ambiguity of the protocol resulting uncountable risk for the project Proof of Concept Ethos is a fork project of Liquity with additional changes, supporting multi collateral tokens. There are some...
PT-2023-35427 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.95 Description: The issue is related to a null-deref in the mremap function after a fork operation. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...