BIT-REDIS-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The...
EUVD-2019-18067
Malware in sbrugna...
EUVD-2020-25091
Malware in sbrugna...
EUVD-2022-49479
Malicious code in bioql PyPI...
EUVD-2023-31655
Malicious code in bioql PyPI...
CVE-2025-54140 pyLoad has Path Traversal Vulnerability in json/upload Endpoint that allows Arbitrary File Write
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload...
CVE-2020-29612
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges...
CVE-2023-52941 can: isotp: split tx timer into transmission and timeout
In the Linux kernel, the following vulnerability has been resolved: can: isotp: split tx timer into transmission and timeout. The timer for the transmission of isotp PDUs formerly had two functions: (1) send two consecutive frames with a given time gap; (2) monitor the timeouts for flow control frame...
ALSA-2025:2500 Important: tigervnc security update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
squid: Fix of CVE-2024-45802
CVE-2024-45802: disable ESI...
RHSA-2021:1086 Red Hat Security Advisory: 389-ds:1.4 security and bug fix update
Bulletin has no description...
RHSA-2015:1793 Red Hat Security Advisory: qemu-kvm security fix update
Bulletin has no description...
RHSA-2009:1081 Red Hat Security Advisory: kernel-rt security and bug fix update
Bulletin has no description...
RUSTSEC-2024-0407 Fails to ensure slice elements match the slice's declared type
Affected versions allow populating a DistributedSlice of T with elements of an arbitrary other type that coerces to T. For example, elements of type &&str could end up in a slice of type &str, since &&str coerces to &str via a deref coercion. The flaw was corrected by implementing typechecking fo...
sharp vulnerability in libwebp dependency CVE-2023-4863
Overview: sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...
GSD-2023-1001073 usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix f_hidg lifetime vs cdev. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.86 by commit...
CVE-2022-32828
The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory...
GSD-2022-1002889 staging: rtl8712: fix uninit-value in r871xu_drv_init()
staging: rtl8712: fix uninit-value in r871xu_drv_init(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.15 by commit...
MGASA-2022-0226 Updated php-smarty packages fix security vulnerability
Template authors could inject PHP code by choosing a malicious block name or include file name. CVE-2022-29221...
MGASA-2021-0474 Updated xstream/xmlpull/mxparser packages fix security vulnerability
Multiple security vulnerabilities have been discovered in XStream. See references for details...