CVE-2020-26308 GHSL-2020-302: Regular Expression Denial of Service (ReDoS) in validate.js
Validate.js provides a declarative way of validating JavaScript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available...
virt:kvm_utils1 security update
hivex 1.3.18-21 - Bounds check for block exceeding page length CVE-2021-3504 resolves: rhbz1950501 1.3.18 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release 1.3.18 - Resolves: bz1810193 Upgrade components in virt:rhel module:stream for RHEL-8.3 release 1.3.15...
CVE-2022-48999
CVE-2022-48999 concerns a Linux kernel issue in IPv4 multipath route deletion. The root cause is a slab-out-of-bounds read in fib_nh_match when deleting a route where fib_info references a nexthop while separate nexthop objects conflict with the legacy multipath spec. The workaround/fix implement...
SUSE CVE-2024-49860
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show() will access invalid memory...
AZL-50833 CVE-2024-49860 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show() will access invalid memory...
DEBIAN-CVE-2024-49860
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show() will access invalid memory...
AZL-51017 CVE-2024-49860 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show() will access invalid memory...
AZL-50809 CVE-2024-47739 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: padata: use integer wrap around to prevent deadlock on seq_nr overflow. When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr,...
CVE-2024-49860 ACPI: sysfs: validate return type of _STR method
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method. Only buffer objects are valid return values of _STR. If something else is returned, description_show() will access invalid memory...
Untitled
org.pac4j:pac4j-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the handling of serialized Java objects inside the InternalAttributeHandlerprepare method. An attacker can execute arbitrary code by providing a specially crafted attribute that contains a...
CVE-2023-32196
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation...
CVE-2024-21264
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Activity Guide Composer. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
firefox: thunderbird: Potential memory corruption may occur when cloning certain objects
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: It is currently unknown if this issue is exploitable, but a condition may arise where the structured clone of certain objects could lead to memory corruption...
CVE-2024-21264
The CVE-2024-21264 entry concerns Oracle PeopleSoft Enterprise CC Common Application Objects, component Activity Guide Composer, affected in version 9.2. Affected: PeopleSoft Enterprise CC Common Application Objects. Root cause: not explicitly detailed beyond the vulnerable component. Impact: a l...
Oracle PeopleSoft Enterprise CC Common Application Objects security vulnerability
Oracle PeopleSoft Enterprise CC Common Application Objects is a Common Application Objects component from Oracle Corporation USA. A security vulnerability exists in Oracle PeopleSoft Enterprise CC Common Application Objects version 9.2. An attacker could exploit the vulnerability to update, inser...
USN-6968-3: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16. This update provides the corresponding updates for PostgreSQL-9.3 in Ubuntu 14.04 LTS and PostgreSQL-10 in Ubuntu 18.04 LTS. Original advisory details: Noah Misch discovered that PostgreSQL incorrectly handled...
VINCE security vulnerability
VINCE is an open source vulnerability information and coordination environment developed and used by the CERT Coordination Center in the United States. Vulnerability disclosure for improved coordination. A security vulnerability exists in VINCE versions prior to 3.0.8 that originates from an...