65 matches found
OPENSUSE-SU-2023:0216-1 Security update for chromium
This update for chromium fixes the following issues: Chromium 115.0.5790.170 boo1213920 CVE-2023-4068: Type Confusion in V8 CVE-2023-4069: Type Confusion in V8 CVE-2023-4070: Type Confusion in V8 CVE-2023-4071: Heap buffer overflow in Visuals CVE-2023-4072: Out of bounds read and write in WebGL...
PT-2023-36092 · Ftp · Ftp
Name of the Vulnerable Software and Affected Versions: ftp affected versions not specified Description: The ftp crate is no longer maintained. It is recommended to use the suppaftp crate instead. Recommendations: At the moment, there is no information about a newer version that contains a fix for...
GSD-2022-1008101 net, neigh: Fix null-ptr-deref in neigh_table_clear()
net, neigh: Fix null-ptr-deref in neightableclear This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.154 by commit...
SUSE-SU-2022:4253-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / bsc914660. - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting bsc1069412. - CVE-2015-9261: Fixed huftbuild misuses a pointer, causing segfaults bsc1102912....
SAMSUNG Mobile devices 路径遍历漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A path traversal vulnerability exists in the SMR Sep-2022 Release 1 version of SAMSUNG Mobile devices, which stems from CallBGProvider containing a pa...
MAL-2022-3450 Malicious code in graymatte5r (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3df90e6a8af9b58e84c12b18814bd52a8a3bc82b7f822bd131063216ba7c76a3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-HQFH-P9H7-M6V5 Dolibarr ERP and CRM contain XSS Vulnerability
Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code. The maintainers state that the issue is fixed in version 7.0.0...
GSD-2022-1001761 ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
ubifs: Fix read out-of-bounds in ubifswbufwritenolock This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.33 by commit...
SUSE-SU-2021:3540-1 Security update for libvirt
This update for libvirt fixes the following issues: Security issue fixed: - CVE-2021-3667: Fixed a DoS vulnerability in the libvirt virStoragePoolLookupByTargetPath API. bsc1188843 Non-security issues fixed: - resolved hangs/crashes on libvirtd shutdown bsc1182783 - qemu: Normalize MAC address in...
Update of bind-sdb, bind-libs, bind-devel, bind, bind-utils, bind-chroot
...
CVE-2021-25370
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic...
Information Disclosure
gitlab is vulnerable to information disclosure. It exposes private group and project membership via GraphQL in GitLab CE/EE 13.1...
CVE-2020-25821
peg-markdown 0.4.14 has a NULL pointer dereference in processrawblocks in markdownlib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
“We Need COBOL Programmers!” No, You Probably Don’t
Editor's note: While this topic isn't entirely security-specific, Trend Micro leader William Malik, has career expertise on the trending topic and shared his perspective. ---- There was a provocative report recently that the Governor of New Jersey told reporters that the state of New Jersey neede...
(RHSA-2020:0637) Low: Red Hat Satellite 5 - 90 day End Of Life Notice
After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the...
Cisco Software Maintenance Update Enumeration
It is possible to enumerate the installed Cisco Software Maintenance Updates on the remote Cisco device using the 'show install active' or 'show version' command. TRUSTED...
CVE-2019-17050
CVE-2019-17050 affects the Voyager package for Laravel up to version 1.2.7. An attacker with admin privileges and Compass access can read or delete arbitrary files, including the .env file. The public references cite this issue and note a suggested mitigation: disable Compass in production. The c...
SUSE-SU-2019:1810-1 Security update for postgresql10
This update for postgresql10 fixes the following issues: Security issue fixed: - CVE-2019-10164: Fixed buffer-overflow vulnerabilities in SCRAM verifier parsing bsc1138034. - CVE-2019-10130: Prevent row-level security policies from being bypassed via selectivity estimators bsc1134689. Bug fixes: ...
MGASA-2018-0468 Updated libpng(12) packages fix security vulnerability
In libpng until version 1.6.35, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVE-2018-13785 This update fixes it, also providing the...
Replace Citrix Licensing Certificate once expired
...