
5177 matches found

OSV
added 2023/05/16 12:0 a.m. | 23 views

ALSA-2023:3018 Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8 CVSS | 7.9 AI score | 0.00551 EPSS
Exploits: 0 | References: 4

AlmaLinux
added 2023/05/16 12:0 a.m. | 65 views

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 golang: net/http, mime/multipart: denial of service from excessive resource consumption...

7.5 CVSS | 6.9 AI score | 0.00065 EPSS
Exploits: 0 | References: 6

AlmaLinux
added 2023/05/16 12:0 a.m. | 41 views

Moderate: python38:3.8 and python38-devel:3.8 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

7.5 CVSS | 6.7 AI score | 0.01395 EPSS
Exploits: 1 | References: 8

AlmaLinux
added 2023/05/16 12:0 a.m. | 36 views

Moderate: python39:3.9 and python39-devel:3.9 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...

7.5 CVSS | 6.7 AI score | 0.01395 EPSS
Exploits: 1 | References: 8

AlmaLinux
added 2023/05/16 12:0 a.m. | 22 views

Moderate: ctags security update

Ctags is a C programming language indexing and cross-reference tool. Security Fixes: ctags: arbitrary command execution via a tag file with a crafted filename CVE-2022-4515 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.8 CVSS | 7 AI score | 0.00734 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2023/05/15 12:0 a.m. | 37 views

Oracle Linux 9 : git-lfs (ELSA-2023-2357)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-2357 advisory. 3.2.0-1 - Update to 3.2.0 - Resolves: 2139383 2.13.3-4 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz1991688 2.13.3-3 - Rebuilt for RH...

7.5 CVSS | 7.2 AI score | 0.00331 EPSS
Exploits: 4 | References: 11

Tenable Nessus
added 2023/05/15 12:0 a.m. | 47 views

AlmaLinux 9 : Image Builder (ALSA-2023:2204)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2204 advisory. - In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing i...

7.5 CVSS | 7 AI score | 0.00331 EPSS
Exploits: 1 | References: 6

OSV
added 2023/05/10 1:24 p.m. | 5 views

MAL-2023-873 Malicious code in the-self-taught-programmer-the-definitive-guide-to-programming-professionally-by-cory-althoff-on-kin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8e8766974e7d3b55cae6c994c5db1430a00b75418500b55ce6336492915c633 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2023/05/10 12:0 a.m. | 4 views

PT-2023-6473 · Go +7

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21.2 Go versions prior to 1.20.9 Description: The issue is related to the "//line" directive in the Go programming language, which can be exploited to bypass restrictions on "//go:cgo " directives. This allows blocked...

10 CVSS | 7.9 AI score | 0.94395 EPSS
Exploits: 21 | References: 278

RedHat Linux
added 2023/05/09 10:3 a.m. | 2 views

golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality...

6.5 CVSS | 6.6 AI score | 0.00056 EPSS
Exploits: 1 | References: 6

AlmaLinux
added 2023/05/09 12:0 a.m. | 29 views

Low: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...

9.1 CVSS | 8.7 AI score | 0.00176 EPSS
Exploits: 1 | References: 4

OSV
added 2023/05/09 12:0 a.m. | 30 views

ALSA-2023:2532 Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8 CVSS | 7.9 AI score | 0.00551 EPSS
Exploits: 0 | References: 4

AlmaLinux
added 2023/05/09 12:0 a.m. | 38 views

Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

9.8 CVSS | 8.9 AI score | 0.00551 EPSS
Exploits: 0 | References: 4

OSV
added 2023/05/09 12:0 a.m. | 32 views

ALSA-2023:2582 Low: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overread CVE-2022-28805 For more details about the security issues,...

9.1 CVSS | 8.4 AI score | 0.00176 EPSS
Exploits: 1 | References: 4

CNNVD
added 2023/05/05 12:0 a.m. | 3 views

bumsys security vulnerability

bumsys is an open source project called Business Management System by unilogies individual developers. A security vulnerability exists in versions of bumsys prior to 2.1.1, which stems from an API processing endpoint that is allowed to contain local files that can be used to cause remote code...

8.8 CVSS | 8.3 AI score | 0.00655 EPSS
Exploits: 1 | References: 3

BDU FSTEC
added 2023/05/04 12:0 a.m. | 1 view

The vulnerability of the programming software for PLCs (programmable logic controllers), EcoStruxure Control Expert, allows an intruder to execute arbitrary code.

The vulnerability of the EcoStruxure Control Expert programming tool for programmable logic controllers is related to deficiencies in the separation of the controlled system area. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS | 0.0095 EPSS
Exploits: 0 | References: 3

BDU FSTEC
added 2023/05/04 12:0 a.m. | 1 view

The vulnerability of the API scripts api_jsonrpc.php and index.php of the universal monitoring system Zabbix allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the api_jsonrpc.php and index.php API scripts of the Zabbix monitoring system is related to the exposure of information due to inconsistencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

5.3 CVSS | 0.00512 EPSS
Exploits: 0 | References: 11 | Affected Software: 4

CNNVD
added 2023/05/01 12:0 a.m. | 3 views

Lenovo XClarity Controller security vulnerability

Lenovo XClarity Controller XCC is a server-embedded management engine from Lenovo China that is used to standardize and automate basic server management tasks. A security vulnerability exists in Lenovo XClarity Controller that stems from the possibility that a valid, authenticated user with...

8.8 CVSS | 8 AI score | 0.0057 EPSS
Exploits: 0 | References: 2

Debian
added 2023/04/30 8:58 p.m. | 49 views

[SECURITY] [DLA 3408-1] jruby security update

Debian LTS Advisory DLA-3408-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 30, 2023 https://wiki.debian.org/LTS -...

8.1 CVSS | 8.4 AI score | 0.01157 EPSS
Exploits: 3

OSV
added 2023/04/27 8:15 p.m. | 2 views

CVE-2022-31647

Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659...

7.1 CVSS | 5.8 AI score | 0.0022 EPSS
Exploits: 0 | References: 2