CGA-MR6F-6X69-27VH
Bulletin has no description...
CGA-387J-788M-Q386
Bulletin has no description...
Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2024-0985)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2024-0985 DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when running in REFRESH MATERIALIZED VIEW CONCURRENTLY. By persuading a victim...
PT-2024-33860 · WordPress · User Submitted Posts
Name of the Vulnerable Software and Affected Versions: User Submitted Posts WordPress plugin versions prior to 20240516 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
CVE-2017-18214 affecting package reaper for versions less than 3.1.1-10
CVE-2017-18214 affecting package reaper for versions less than 3.1.1-10. A patched version of the package is available...
CVE-2024-40968 MIPS: Octeon: Add PCIe link status check
In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it ca...
GHSA-QCJ6-VXWX-4RQV Decidim vulnerable to data disclosure through the embed feature
Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...
Juniper Junos OS Vulnerability (JSA82976)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82976 advisory. - An Improper Input Validation vulnerability in the 802.1X Authentication dot1x Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to th...
Juniper Junos OS Vulnerability (JSA82999)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82999 advisory. - A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a...
Juniper Junos OS Vulnerability (JSA82978)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82978 advisory. - An Improper Input Validation vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Deni...
Juniper Junos OS Vulnerability (JSA82992)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA82992 advisory. - An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high...
GHSA-3V33-3WMW-3785 yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Impact yt-dlp's DouyuTV and DouyuShow extractors used a cdn.bootcdn.net URL as a fallback for fetching a component of the crypto-js JavaScript library. When the Douyu extractor is used, yt-dlp extracts this JavaScript code and attempts to execute it externally using PhantomJS. bootcdn.net is owne...
PT-2024-4669
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 8.7 and 8.8 Description: A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is...
CVE-2024-39691 Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...
CVE-2024-39687
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote ActivityPub server, it makes an HTTP request to the @id or other resources present within the activity it has...
CVE-2024-37903 Mastodon has improper authorship check on audience extension for existing posts
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
CVE-2024-39473
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of its inputs and the process-baseconfigext i...
CGA-FRV6-3CMW-R66F
Bulletin has no description...
PT-2024-37680 · Unknown · Y Project Ruoyi
Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.7.9 Description: A vulnerability was found in the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The atta...
CVE-2020-27824 affecting package openjpeg2 for versions less than 2.3.1-12
CVE-2020-27824 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...