OPENSUSE-SU-2024:11431-1 libkpathsea6-6.3.3-76.3 on GA media
These are all security issues fixed in the libkpathsea6-6.3.3-76.3 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11647-1 docker-20.10.11_ce-1.1 on GA media
These are all security issues fixed in the docker-20.10.11_ce-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12060-1 patch-2.7.6-5.1 on GA media
These are all security issues fixed in the patch-2.7.6-5.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12332-1 ffmpeg-5-5.1.1-1.1 on GA media
These are all security issues fixed in the ffmpeg-5-5.1.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12972-1 libopenssl-1_1-devel-1.1.1u-1.1 on GA media
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1u-1.1 package on the GA media of openSUSE Tumbleweed...
Read-only users can restore old versions
None...
CVE-2024-36106
A flaw was found in Argo-CD. Error messages in Argo-CD may contain sensitive information, such as clusters and project names, which allows authenticated malicious users to enumerate possible targets...
GHSA-WH78-7948-358J Cilium leaks sensitive information in cilium-bugtool
Impact: The output of cilium-bugtool can contain sensitive data when the tool is run with the --envoy-dump flag set against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection; Ingress with TLS termination; Gateway API with TLS...
Microsoft’s June 2024 Patch Tuesday Addresses 49 Vulnerabilities
...
CVE-2024-37164 CVAT SSRF via custom cloud storage endpoints
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. CVAT allows users to supply custom endpoint URLs for cloud storages based on Amazon S3 and Azure Blob Storage. Starting in version 2.1.0 and prior to version 2.14.3, an attacker with a CVAT...
CVE-2023-52447 affecting package kernel for versions less than 5.15.158.1-1
CVE-2023-52447 affecting package kernel for versions less than 5.15.158.1-1. A patched version of the package is available...
CVE-2024-26147 affecting package cert-manager for versions less than 1.11.2-10
CVE-2024-26147 affecting package cert-manager for versions less than 1.11.2-10. A patched version of the package is available...
CVE-2023-45288 affecting package moby-containerd for versions less than 1.6.26-5
CVE-2023-45288 affecting package moby-containerd for versions less than 1.6.26-5. A patched version of the package is available...
CVE-2023-52827 affecting package kernel for versions less than 5.15.158.2-1
CVE-2023-52827 affecting package kernel for versions less than 5.15.158.2-1. A patched version of the package is available...
CVE-2024-35176 affecting package ruby for versions less than 3.1.4-6
CVE-2024-35176 affecting package ruby for versions less than 3.1.4-6. A patched version of the package is available...
CVE-2024-34064 affecting package python-jinja2 for versions less than 3.0.3-4
CVE-2024-34064 affecting package python-jinja2 for versions less than 3.0.3-4. A patched version of the package is available...
CVE-2024-37297 WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be...
CVE-2024-29181 @strapi/plugin-content-manager leaks data via relations via the Admin Panel
Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list of associated items they did not create...
CVE-2024-37295 Aimeos Core remote code execution in web server context
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...
PT-2024-4747
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version. Description: The issue is related to a logic error in the code, which could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for...