DRUPAL-CORE-2024-003
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized...
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003
Drupal uses JavaScript to render status messages in some cases and configurations. In certain situations, the status messages are not adequately sanitized...
A vulnerability in the DRM component of the Linux kernel allows an attacker to cause a service failure.
The vulnerability in the DRM component of the Linux kernel is related to the use of an uninitialized resource. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-52506
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...
CVE-2024-52506 Graylog can leak other users' reports via concurrent PDF report rendering
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...
GHSA-VGGM-3478-VM5M Graylog concurrent PDF report rendering can leak other users' reports
Impact The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...
Graylog concurrent PDF report rendering can leak other users' reports
Impact The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to...
A vulnerability in the DRM/AMDGPU components of the Linux kernel allows an attacker to cause a service failure.
The vulnerability in the DRM/AMDGPU components of the Linux kernel is related to resource management errors in the amdgpu_ttm_gart_bind function. Exploiting this vulnerability can allow an attacker to cause service failures...
[SECURITY] Fedora 40 Update: webkitgtk-2.46.3-1.fc40
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
Fedora 40 : webkitgtk (2024-4d940908db)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-4d940908db advisory. Update to WebKitGTK 2.46.3: Flatten layers to a plane when preserve-3d style is set. Fix DuckDuckGo links by adding a user agent quirk. Fix several...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...
chromium-browser: Use after free in ANGLE
There's a flaw in the ANGLE package where processing maliciously crafted web content may lead to a use-after-free. A remote attacker may leverage that to exploit heap-corruption-related bugs, such as crashing the application or remote code execution...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE CVE-2024-51750
Element is a Matrix web client built using the Matrix React SDK. A malicious homeserver can send invalid messages over federation which can prevent Element Web and Desktop from rendering single messages or the entire room containing them. This was patched in Element Web and Desktop 1.11.85...
Fedora 37 : webkitgtk (2022-08fdc4138a)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-08fdc4138a advisory. Fix scrolling issues in some sites having fixed background. Fix prolonged buffering during progressive live playback. Fix several crashes and...
A vulnerability in the WPE WebKit and WebKitGTK web page rendering modules, related to authentication bypass through spoofing, allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability in the WPE WebKit and WebKitGTK page rendering modules is related to authentication bypass through spoofing. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service...
A vulnerability in the WPE WebKit and WebKitGTK web page rendering modules, related to accessing memory before the buffer is initialized, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability in the WPE WebKit and WebKitGTK page rendering modules is related to accessing memory before the buffer is initialized. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
A vulnerability in the web page rendering modules of WebKitGTK and WPE WebKit, related to an integer overflow, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the web page rendering modules of WebKitGTK and WPE WebKit is related to an integer overflow. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...