Lucene search

2197 matches found

SUSE CVE
added 2023/02/15 3:26 a.m. | 3 views

SUSE CVE-2022-28946

An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access...

4.9 CVSS | 9.1 AI score | 0.00433 EPSS
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 3:22 a.m. | 3 views

SUSE CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC)...

9.8 CVSS | 6.8 AI score | 0.01611 EPSS
Exploits 0 | References 6
OSV
added 2023/02/08 8:15 p.m. | 1 views

DEBIAN-CVE-2023-0215

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5 CVSS | 7 AI score | 0.0043 EPSS
Exploits 0 | References 1
OSV
added 2023/02/08 8:15 p.m. | 1 views

AZL-37641 CVE-2023-0215 affecting package hvloader for versions less than 1.0.1-2

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5 CVSS | 6.8 AI score | 0.0043 EPSS
Exploits 0 | References 1
OSV
added 2023/02/08 8:15 p.m. | 2 views

ALPINE-CVE-2023-0215

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5 CVSS | 6.9 AI score | 0.0043 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2023/02/08 12:0 a.m. | 1 views

The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform allows a hacker to escalate their privileges.

The vulnerability of the Command Line Interface (CLI) of the Cisco Identity Services Engine (ISE) management platform relates to the lack of measures taken to neutralize special elements used in the OS command line. Exploiting this vulnerability can allow attackers to increase their privileges...

6.2 CVSS | 6.6 AI score | 0.0031 EPSS
Exploits 0 | References 3 | Affected Software 1
Fedora
added 2023/01/31 1:37 a.m. | 23 views

[SECURITY] Fedora 36 Update: rust-git-delta-0.13.0-4.fc36

Syntax-highlighting pager for git...

7.8 CVSS | 8 AI score | 0.00149 EPSS
Exploits 0
OpenVAS
added 2023/01/31 12:0 a.m. | 15 views

Fedora: Security Advisory for rust-git-delta (FEDORA-2023-3ec32f6d4e)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 AI score
Exploits 0 | References 2
Fedora
added 2023/01/29 1:35 a.m. | 16 views

[SECURITY] Fedora 37 Update: rust-git-delta-0.13.0-4.fc37

Syntax-highlighting pager for git...

7.8 CVSS | 8 AI score | 0.00149 EPSS
Exploits 0
OpenVAS
added 2023/01/29 12:0 a.m. | 10 views

Fedora: Security Advisory for rust-git-delta (FEDORA-2023-e3c8abd37e)

The remote host is missing an update for the Copyright (C) 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 AI score
Exploits 0 | References 2
BDU FSTEC
added 2023/01/27 12:0 a.m. | 2 views

The vulnerability of the dynamically linked library docmgmt.dll, which is part of the Siemens Solid Edge design and simulation tools, allows a hacker to execute arbitrary code.

The vulnerability of the dynamically linked library docmgmt.dll, which is part of Siemens Solid Edge’s design and simulation tools, relates to the possibility of writing beyond the buffer boundaries in memory during syntax analysis of PAR, ASM, and DFT files. Exploiting this vulnerability can all...

7.8 CVSS | 7.7 AI score | 0.00128 EPSS
Exploits 0 | References 2
RedHat Linux
added 2023/01/25 9:20 a.m. | 57 views

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.7 AI score | 0.00331 EPSS
Exploits 2 | References 6
Rockylinux
added 2023/01/25 8:59 a.m. | 37 views

go-toolset:rhel8 security and bug fix update

An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Go Toolset provides the Go programming language tools and...

7.5 CVSS | 7.9 AI score | 0.00031 EPSS
Exploits 1
AlmaLinux
added 2023/01/25 12:0 a.m. | 48 views

Moderate: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...

7.5 CVSS | 7.9 AI score | 0.00031 EPSS
Exploits 1 | References 8
Tenable Nessus
added 2023/01/25 12:0 a.m. | 32 views

RHEL 7 : go-toolset-1.18 (RHSA-2023:0445)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0445 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: archive/ta...

7.5 CVSS | 7.2 AI score | 0.00031 EPSS
Exploits 1 | References 11
RedHat Linux
added 2023/01/23 3:26 p.m. | 83 views

Moderate: Red Hat Security Advisory: go-toolset and golang security and bug fix update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS | 6.7 AI score | 0.00331 EPSS
Exploits 2 | References 5
Patchstack
added 2023/01/13 12:0 a.m. | 14 views

WordPress Crayon Syntax Highlighter Plugin <= 2.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Crayon Syntax Highlighter | Type: Plugin | Vulnerable versions: <= 2.8.4 | Fixed in: N/A | OWASP Top 10: A5: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2022-47167 | Patch priority: Low | CVSS severity: Low (5.4) | Developer: Claim ownership | PSID: 6128d1f41a07 | Credits: István Márt...

8.8 CVSS | 6.7 AI score | 0.00104 EPSS
Exploits 0 | References 1 | Affected Software 1
Huntr
added 2023/01/10 11:35 a.m. | 9 views

XSS via markdown syntax

Description: Hi, Maintainer, thanks for reading. I am glad to report a secure problem to you. I found that your forum allows users to use markdown syntax to post articles and comments, but there is no corresponding protection means, which is unsafe. Any user can post dangerous content, like the...

2.1 AI score
Exploits 0
Positive Technologies
added 2023/01/04 12:0 a.m. | 3 views

PT-2023-14818 · Discourse · Discourse-Mermaid-Theme-Component +1

Name of the Vulnerable Software and Affected Versions: Discourse Mermaid discourse-mermaid-theme-component version 1.0.0 Description: The issue allows users who can create posts to inject arbitrary HTML on that post, using the Mermaid syntax in Discourse, open-source forum software...

5.4 CVSS | 5.4 AI score | 0.00258 EPSS
Exploits 0 | References 6
BDU FSTEC
added 2022/12/28 12:0 a.m. | 1 views

The vulnerability of the library function for working with X.509 certificates, LibKSBA, is related to a numerical overflow in the syntax analyzer CRL. This allows an attacker to execute any code in the target system.

The vulnerability of the library’s certificate handling function for X.509 certificates is related to a numerical overflow in the CRL syntax analyzer. Exploiting this vulnerability allows an attacker to send specially crafted data to the application, trigger a numerical overflow, and execute...

8.1 CVSS | 7.6 AI score | 0.0146 EPSS
Exploits 2 | References 14 | Affected Software 9