92 matches found
CVE-2025-54804 Russh is missing an overflow check during channel windows adjust
Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an...
编号撤回
Both libsoup and GNOME are products of the GNOME project. libsoup is an HTTP client/server library for GNOME. GNOME is a set of purely free computer software. It is used to provide a graphical desktop environment. This CVE number has been withdrawn...
CVE-2025-48937 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. matrix-sdk-crypto since version 0.8.0 and up to 0.11.0 does not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those event...
Malicious code in apple-appstore-server-library (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ffc44075c7a6123e6fd516c9e8c1abbd98b481d26ae67ee10e814bec86bbe7a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
RLSA-2025:0791 Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...
CVE-2024-47614
async-graphql is a GraphQL server library implemented in Rust. async-graphql before 7.0.10 does not limit the number of directives for a field. This can lead to Service Disruption, Resource Exhaustion, and User Experience Degradation. This vulnerability is fixed in 7.0.10...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: buffer overflow via UTF-8 conversion in soupheaderparseparamliststrict CVE-2024-52531 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...
CVE-2024-43096
In buildreadmultirsp of gattsr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-43771
In gattsprocessreadreq of gattsr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-52813
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applicatio...
libsoup security update
An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libsoup packages provide an HTTP client and server library for GNOME...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
ALSA-2024:9573 Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data CVE-2024-52532 libsoup: HTTP request smuggling via stripping null bytes from the ends of header names CVE-2024-52530 For more details about the security...
The vulnerability of the Jenkins Automation Remoting server library allows for the execution of arbitrary code.
The vulnerability of the Jenkins Automation Remoting server library is related to deficiencies in path name restrictions for restricted access catalogs. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading class and resource files from the controller via...
CLSA-2024-1721929402 openssh: Fix of CVE-2024-6409
CVE-2024-6409: fix signal handler race condition vulnerability in sshd server...
CVE-2024-40648 `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::isverified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
CVE-2024-37334
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability...