RHSA-2016:0308 Red Hat Security Advisory: rabbitmq-server security and bugfix update

Bulletin has no description...

RHSA-2009:1528 Red Hat Security Advisory: samba security and bug fix update

Bulletin has no description...

GHSA-WH2W-39F4-RPV2 Hyperledger Indy's update process of a DID does not check who signs the request

Name Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. Description A malicious DID with no particular role can ask an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...

Hyperledger Indy's update process of a DID does not check who signs the request

Name Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. Description A malicious DID with no particular role can ask an update for another DID but cannot modify its verkey or role. This is bad because: 1. Any DID c...

CVE-2024-36899 gpiolib: cdev: Fix use after free in lineinfo_changed_notify

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfochangednotify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpiochrdevrelease, watchedlines is freed by bitmapfree, but the...

CVE-2022-4967

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch CWE-297. When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...

OSV-2024-434 Use-of-uninitialized-value in validate_bluetooth_device_address

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68420 Crash type: Use-of-uninitialized-value Crash state: validatebluetoothdeviceaddress handleonbluetoothdeviceadded fuzzeronbluetoothdeviceadded...

GHSA-WJ37-MPQ9-XRCM Mattermost fails to limit the number of active sessions

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...

CVE-2024-29838 Unsanitised variable on DAL_ADD in Evolution Controller causes application level denial of service and crash

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below does not proper sanitize user input, allowing for an unauthenticated attacker to crash the controller software...

BIT-GITLAB-2021-22245

Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view...

BIT-MEDIAWIKI-2020-25813

In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users...

BIT-SUITECRM-2021-31792

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field...

BIT-MOODLE-2023-5542 Moodle: students can view other users in "only see own membership" groups

Students in "Only see own membership" groups could see other students in the group, which should be hidden...

BIT-LUA-2020-15945

Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in changedline in ldebug.c e.g., when called by luaGtraceexec because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...

BIT-GITLAB-2023-6033 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker to execute javascript in victim's browser...

CVE-2021-47090

In the Linux kernel, the following vulnerability has been resolved: mm/hwpoison: clear MFCOUNTINCREASED before retrying getanypage Hulk Robot reported a panic in putpagetestzero when testing madvise with MADVSOFTOFFLINE. The BUG is triggered when retrying getanypage. This is because we keep...

CWA 2203 CU5 | ALT key remains activated after CTRL + ALT + DEL

Using CTRL+ALT+DEL results in the ALT key remaining activated. Following inputs will either open menus or add "Alt" in front of the pressed letter/key...

CVE-2024-25713

yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the poolfree function lacks loop checks. poolfree is part of the pool series allocator, along with poolmalloc and poolrealloc...

GHSA-XJPW-HX47-RCCV PaddlePaddle floating point exception in paddle.nanmedian

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service...

Elastic Beats inserts sensitive information into log file

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...