GitLab 13.9 < 13.11.6 / 13.12 < 13.12.6 / 14.0 < 14.0.2 (CVE-2021-22226)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 CVE-2021-22226 Note that Nessus has not tested for...
io.antmedia.app:ConsoleApp (>=1.2.0 <=1.5.0), io.antmedia.app:LiveApp (>=1.2.0 <=1.8.1) +8 more potentially affected by CVE-2024-3462 via io.antmedia:ant-media-server (>=1.2.0 <=2.9.0)
io.antmedia:ant-media-server MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.6.1, =2.15.0, =2.9.0, =2.14.0, =2.9.0, =2.6.1, =1.9.0, =1.2.0, =1.8.1 Source cves: CVE-2024-3462 Source advisory: OSV:GHSA-G95V-3PJ6-J433...
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: http-echo, dockerize, prometheus-nats-exporter, cue, spqr, fulcio-fips, tigera-operator-fips, cortex, cass-operator-fips-no-pvc-delete, prometheus-pushgateway-fips, external-secrets-fips, volume-modifier-for-k8s, oauth2-proxy, git-lfs, dex, prometheus-statsd-exporter...
curl: HTTP/2 push headers memory-leak
A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a...
SUSE SLES15 Security Update : curl (SUSE-SU-2024:1151-2)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1151-2 advisory. - When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would rema...
CVE-2024-34369 WordPress Web Push Notifications – Webpushr plugin <= 4.35.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Webpushr Web Push Notifications Webpushr allows Reflected XSS. This issue affects Webpushr: from n/a through 4.35.0...
SUSE-SU-2024:1151-2 Security update for curl
This update for curl fixes the following issues: - CVE-2024-2004: Fix the usage of disabled protocol logic. bsc1221665 - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. bsc1221667...
Arbitrary Code Execution
Mercurial is vulnerable to Arbitrary Code Execution. The vulnerability is due to incorrect bound checks in the binary delta decoder which allows an attacker to execute arbitrary code via a clone, push, or pull command, related to either list sizing rounding error or short records...
Medium: curl
Issue Overview: When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protoco...
USN-6718-3 curl vulnerabilities
USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrar...
Ubuntu 24.04 LTS. : curl vulnerabilities (USN-6718-3)
The remote Ubuntu 24.04 LTS. host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6718-3 advisory. USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the preceding...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2024-596)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-596 advisory. When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing...
Drupal Advanced PWA inc Push Notifications module < 1.5.0 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Andre Groendijk in WordPress Module Advanced PWA inc Push Notifications versions 1.5.0...
OESA-2024-1480 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum...
CVE-2024-32473 vulnerabilities
Vulnerabilities for packages: neuvector-scanner, melange, syft, docker-compose, cri-tools, wolfictl, grype, harbor-scanner-trivy, k3d, kaniko, helm-push, dagger, policy-controller, buf, docker...
CVE-2024-32473 vulnerabilities
Vulnerabilities for packages: policy-controller, cri-tools, wolfictl, syft, harbor-scanner-trivy, harbor-scanner-trivy-fips, docker, kaniko, dagger, docker-compose, grype, helm-push, melange, neuvector-scanner, buf, policy-controller-fips, k3d...
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: neuvector-scanner, melange, syft, docker-compose, cri-tools, wolfictl, grype, harbor-scanner-trivy, k3d, kaniko, helm-push, dagger, policy-controller, buf, docker...
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: policy-controller, cri-tools, wolfictl, syft, harbor-scanner-trivy, harbor-scanner-trivy-fips, docker, kaniko, dagger, docker-compose, grype, helm-push, melange, neuvector-scanner, buf, policy-controller-fips, k3d...