18 matches found
Juju security vulnerability
Juju is an open-source application orchestration engine from Canonical. Versions 3.2.0 to 3.6.19, as well as 4.0 to 4.0.4, have security vulnerabilities. These vulnerabilities stem from the internal Dqlite database cluster failing to perform proper TLS client and server authentication. This allows...
Security update for Prometheus
This update for Prometheus fixes the following issues: golang-github-prometheus-alertmanager, golang-github-prometheus-nodeexporter: Internal changes to fix build issues with no impact for customers. golang-github-prometheus-prometheus: Security issues fixed: CVE-2026-27606: Fixed arbitrary file...
EUVD-2014-7065
Malware in sbrugna...
EUVD-2024-53142
Malicious code in bioql PyPI...
EUVD-2022-25097
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-22577
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS Vulnerability in Action Pack = 5.2.0 and = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. CVE-2022-22577 Note th...
CVE-2024-5005
An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...
CVE-2024-6502
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6, starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag...
CVE-2024-32481
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. Starting in version 0.3.8 and prior to version 0.4.0b1, when looping over a range of the form range(start, start + N), if start is negative, the execution will always revert. This issue is caused by an incorrect assertion...
CVE-2022-4317
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects...
CLSA-2024-1731432106 ImageMagick: Fix of 2 CVEs
CVE-2020-27751: fix undefined behavior due to an overly large shift exponent in quantum-export.c - CVE-2020-27768: fix NaN being outside the range of representable values issue in quantum-private.h...
OESA-2024-1106 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a...
TWA update is not correct
Lines of code Vulnerability details Impact Time-warped-price is updated incorrectly and this affects moving bins. Proof of Concept The protocol updates twa on every swap and uses that to decide how to move bins. But in the function swap, the delta's endSqrtPrice can not contribute negatively to t...
SUSE-SU-2022:2301-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2022-32545: Fixed an outside the range of representable values of type. (bsc#1200388) - CVE-2022-32546: Fixed an outside the range of representable values of type. (bsc#1200389) - CVE-2022-32547: Fixed a load of misaligned address at...
GSD-2021-1000401 soc/tegra: regulators: Fix locking up when voltage-spread is out of range
soc/tegra: regulators: Fix locking up when voltage-spread is out of range This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...
SUSE-SU-2021:0528-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - CVE-2021-20176: Fixed an issue where processing a crafted file could lead to division by zero (bsc#1181836). - CVE-2020-27767: outside the range of representable values of type 'float' at MagickCore/quantum.h (bsc#1179322)...
CVE-2020-27769
In ImageMagick, there are outside the range of representable values of type 'float' at MagickCore/quantize.c...
Denial of Service Vulnerability in WPS office 2016 Personal Edition/Enterprise Edition and Kingsoft pdf
WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. A denial-of-service vulnerability exists in WPS office 2016 Personal/Enterprise Edition a...