6 matches found
Improper File URI Scheme Validation
changedetection.io is vulnerable to improper file URI scheme validation. The vulnerability is due to a logic flaw in the is_safe_url function, which improperly allows the file: scheme and insufficiently restricts access to local file paths when ALLOW_FILE_URI is set to false or undefined...
CVE-2023-32635
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker...
USN-5825-2: PAM regressions
USN-5825-1 fixed vulnerabilities in PAM. Unfortunately that update was incomplete and could introduce a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PAM did not correctly restrict login from an IP address that is...
Bolt CMS Security Vulnerability
Bolt CMS is an open source PHP-based content management system for the Bolt community. A security vulnerability exists in Bolt versions prior to 3.7.2, which stems from a filter option in the Twig context that restricts requests, and is therefore inconsistent with the "How to Enhance PHP for...
USN-3847-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities
It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902) It was discovered that an integer overr...
SOL17169 - Java vulnerability CVE-2015-2625
While the vulnerable software components exist, they are not used in a way that exposes this vulnerability. There are no remote access vectors for this issue and no data plane exposure on F5 products; this vulnerability is considered low severity. Vulnerability Recommended Actions If the previous...