1779 matches found
CVE-2018-25010
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter...
RLSA-2021:1853 Moderate: unbound security, bug fix, and enhancement update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: integer overflow in the regional allocator via regionalalloc CVE-2019-25032 unbound: integer overflow in sldnsstr2wirednamebuforigin can lead to an out-of-bounds write CVE-2019-25034...
certmonger bug fix and enhancement update
An update is available for certmonger. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...
CVE-2021-29525 Division by 0 in `Conv2DBackpropInput`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...
[SECURITY] Fedora 34 Update: kernel-5.11.19-300.fc34
The kernel meta package...
OS Command Injection in falconchristmas/fpp
✍️ Description Hi, in https://github.com/FalconChristmas/fpp/blob/721c99aed6897792bf7f79fa02a280995e27d409/www/gitCheckoutVersion.phpL38 : php A system function is called with a user input, a malicious user could profit from it if the version variable contains a command 🕵️♂️ Proof of Concept...
CVE-2021-22677
The CVE-2021-22677 entry concerns an integer overflow in the host MCU API when attempting to connect to a Wi‑Fi network, potentially enabling denial‑of‑service or code execution. Affected TI SimpleLink families and SDKs include MSP432E4 (v4.20.00.12 and earlier), CC32XX (v4.30.00.06 and earlier),...
CS Money: Previously created sessions continue being valid after MFA activation
Summary: Hi, team. This is the same issue of 667739. Please take a look. I found one issue related to your 2FA system on https://cs.money/security/ Steps To Reproduce: 1. access the same account on https://cs.money/ in two devices 1. on device 'A' go to https://cs.money/security/ complete all ste...
Code Injection in c0oki3s/python-tools
✍️ Description python-tools is using an unsecure input function in https://github.com/C0oki3s/python-tools/blob/main/Dircreate/Dircreate.pyL8. Given that the script can be run using python2 or python3, if you feed the program with a python command and the python interpreter is python2, then the...
CVE-2021-25677
CVE-2021-25677 concerns DNS transaction ID randomness in Siemens DNS clients across multiple products (APOGEE PXC BACnet/P2 Ethernet, Nucleus NET/ReadyStart, SIMOTICS CONNECT 400, TALON TC). Root cause: DNS client does not properly randomize transaction IDs, enabling potential DNS cache poisoning...
Elastic: Improper authorization on `/api/as/v1/credentials/` allows any App Search user to access all API keys and escalate privileges
Summary Hello team, I hope you're doing well! App Search has a credentials page located at /as/credentials that lists all the API keys a user has access to, if any. That same page will 404 for users with Analyst or Editor role. This is all working as intended, however there is also an API endpoin...
SUSE: Security Advisory (SUSE-SU-2016:2592-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:0998-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:0459-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2020:1699-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:1705-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:1596-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Kryptor: Kryptor/SECURITY.md missing HACKERONE program update.
Hi Team, I was going through code and found that in this https://github.com/samuel-lucas6/Kryptor/blob/master/SECURITY.md , "Security Policy" is missing update regrading Hackerone platform that "Security Bug now be submitted @ https://hackerone.com/kryptor/ this . Please update the policy...
SUSE-SU-2021:1177-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known ...
CVE-2021-27905 SSRF vulnerability with the Replication handler
The ReplicationHandler normally registered at "/replication" under a Solr core in Apache Solr has a "masterUrl" also "leaderUrl" alias parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability,...