OPENSUSE-SU-2024:14325-1 MozillaThunderbird-115.15.0-1.1 on GA media
These are all security issues fixed in the MozillaThunderbird-115.15.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2022-33065 affecting package libsndfile for versions less than 1.0.31-3
CVE-2022-33065 affecting package libsndfile for versions less than 1.0.31-3. A patched version of the package is available...
CVE-2024-7383 affecting package libnbd for versions less than 1.12.1-4
CVE-2024-7383 affecting package libnbd for versions less than 1.12.1-4. A patched version of the package is available...
CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20
CVE-2024-24474 affecting package qemu for versions less than 6.2.0-20. A patched version of the package is available...
CVE-2022-41717 affecting package containerized-data-importer for versions less than 1.55.0-20
CVE-2022-41717 affecting package containerized-data-importer for versions less than 1.55.0-20. A patched version of the package is available...
CVE-2024-45294
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
CVE-2023-51368 QTS, QuTS hero
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...
CVE-2024-45294 `org.hl7.fhir.core` XXE vulnerability in XSLT transforms
The HL7 FHIR Core Artifacts repository provides the Java core object-handling code, with utilities including a validator, for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external...
DEBIAN-CVE-2024-45405
gix-path is a crate of the gitoxide project (an implementation of git written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, gix-path runs git to find the path of a configuration file associated with the git installation, but improperly resolves paths containing unusual or...
[SECURITY] Fedora 40 Update: python-django4.2-4.2.16-1.fc40
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
Cisco NX-OS Software Python Sandbox Escape Multiple Vulnerabilities (cisco-sa-nxos-psbe-ce-YvbTn5du)
According to its self-reported version, Cisco NX-OS Software is affected by multiple vulnerabilities. - A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the...
CVE-2024-24759
CVE-2024-24759 (MindsDB): A DNS rebinding flaw allows bypassing SSRF protection across the MindsDB website prior to version 23.12.4.2, with potential denial-of-service. The issue is fixed in version 23.12.4.2 and later. Remediation: upgrade to 23.12.4.2 or later.
PT-2025-18291 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 13.5-rc-1 through 15.10.12; XWiki versions 16.0.0-rc-1 through 16.4.3; XWiki versions 16.5.0-rc-1 through 16.7.x. Description: The issue is related to an open redirect vulnerability in the HTML conversion request filter. This allo...
sigstore-go has an unbounded loop over untrusted input that can lead to an endless data attack
Impact: sigstore-go is susceptible to a denial of service attack when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, RFC 3161 timestamps, and attestation subjects. The verification of these...
CVE-2024-45008
CVE-2024-45008 affects the Linux kernel input subsystem. The vulnerability arises when input_mt_init_slots() allocates slots based on user-supplied num_slots via UI_DEV_CREATE, risking oversized allocations. A patch caps the maximum slots at 1024, mitigating memory exhaustion. Connected advisorie...
CVE-2024-45053
Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...
CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...
SUSE CVE-2024-45306
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop ...
PT-2024-20014 · Google · Android +1
Name of the Vulnerable Software and Affected Versions: Google Pixel versions: affected versions not specified; non-Pixel Android versions: affected versions not specified. Description: A high severity Bluetooth issue is reported, which has been listed for both Pixel and non-Pixel devices in different...
GHSA-Q765-WM9J-66QJ @blakeembrey/template vulnerable to code injection when an attacker controls template input
Impact: It is possible to inject and run code within the template if the attacker has access to write the template name. js const template = require'@blakeembrey/template'; template"Hello name!", "exploit && = console.log'success'; && function pwned"; Patches: Upgrade to 1.2.0. Workarounds: Don't pa...