30456 matches found
CVE-2024-53863
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamicthumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for...
SUSE-SU-2024:4145-1 Security update for wget
This update for wget fixes the following issues: - CVE-2024-10524: Fixed SSRF via shorthand HTTP URL bsc1233773...
Security update for wget
This update for wget fixes the following issues: CVE-2024-10524: Fixed SSRF via shorthand HTTP URL bsc1233773 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for yo...
CLSA-2024-1733142550 Fix of 13 CVEs
CVE-url: https://ubuntu.com/security/CVE-2023-52614 - time: Introduce jiffies64tomsecs - PM / devfreq: Modify the indentation of transstat sysfs for readability - PM / devfreq: Do not show statistics if it's not ready. - PM / devfreq: Fix buffer overflow in transstatshow Bionic update: upstream...
Android Security Bulletin December 2024Stay organized with collectionsSave and categorize content based on your preferences.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
CVE-2024-53848 check-jsonschema default caching for remote schemas allows for cache confusion
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
CVE-2024-53848 check-jsonschema default caching for remote schemas allows for cache confusion
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
CVE-2024-52801 Brute force takeover of OpenID Connect session cookies in sftpgo
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...
PT-2024-9112 · Moby +6 · Moby +6
Name of the Vulnerable Software and Affected Versions: moby version 25.0.3 Description: The issue is related to a Race Condition in the streamformatter package, which can be exploited to trigger multiple concurrent write operations. This can result in data corruption or application crashes. The...
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing...
Security update for frr
This update for frr fixes the following issues: Update to frr 8.5.6 jscPED-PED-11092 including fixes for: CVE-2024-44070,CVE-2024-34088,CVE-2024-31951,CVE-2024-31950, CVE-2024-31948,CVE-2024-27913,CVE-2023-47235,CVE-2023-47234, CVE-2023-46753,CVE-2023-46752,CVE-2023-41909,CVE-2023-41360,...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount bsc1225889. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comma...
CLSA-2024-1732702350 squid: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
CVE-2024-52008 Password Policy Bypass Vulnerability in Fides Webserver
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API cal...
CVE-2024-53844 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi
E.D.D.I Enhanced Dialog Driven Interface is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in RestExportService.java. This vulnerability allows an attacker to access sensitive files on the server by...
RHEL 8 / 9 : Red Hat JBoss Enterprise Application Platform 8.0 update (Moderate) (RHSA-2024:10386)
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10386 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This asynchronous...
CVE-2024-53843 Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server
@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...
CVE-2024-53258
CVE-2024-53258 affects Autolab, a course management service for auto-graded programming assignments. From v3.0.0, the existing download_all_submissions feature allows a logged-in user to download all submissions from another student, potentially leaking submissions to unauthorized users (includin...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CLSA-2024-1732555093 Fix CVE(s): CVE-2020-27767
SECURITY UPDATE: Undefined behavior due to values outside range in quantum.h - debian/patches/CVE-2020-27767.patch: Fix quantum.h to include float.h to handle min and max values for Quantum type - debian/patches/CVE-2020-27767-1.patch: Fix ClampToQuantum function to handle negative values correct...