1270 matches found
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-08ae2dd481)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2022-30284
Removed by vendor...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-5cbd6de569)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-envoyproxy-protoc-gen-validate (FEDORA-2022-3a63897745)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc34
Protoc plugin to generate polyglot message validators...
[SECURITY] Fedora 35 Update: golang-github-envoyproxy-protoc-gen-validate-0.4.1-5.fc35
Protoc plugin to generate polyglot message validators...
Potential Captcha Validate Bypass in flask-session-captcha
Impact: flask-session-captcha is a package which allows users to extend Flask by adding an image-based captcha stored in a server-side session. The captcha.validate function would return None if passed no value, e.g. by submitting a request with an empty form. If implementing users were checking th...
Insecure Return Value
flask-session-captcha has an insecure return value. The vulnerability exists in the validate function in __init__.py because it returns None instead of False if no value is passed, which allows an attacker to bypass the checks...
ALPINE-CVE-2022-24792
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...
Cross-site Scripting (XSS)
xml2rfc is vulnerable to cross-site scripting. The vulnerability exists in the validate function in base.py due to a lack of input validation, which allows an attacker to inject and craft SVG images embedded with malicious scripts...
GSD-2022-1002256 udmabuf: validate ubuf->pagecount
udmabuf: validate ubuf->pagecount. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.189 by commit 5d50f851dd307c07ca5591297093f19967c834a9, it...
GSD-2022-1001556 udmabuf: validate ubuf->pagecount
udmabuf: validate ubuf->pagecount. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit a3728d32fc61eb0fe283cb8ff60b2c8f751e2202, it...
GSD-2022-1001247 udmabuf: validate ubuf->pagecount
udmabuf: validate ubuf->pagecount. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit 9e9b4a269f84d3230f2af84ff42322db676440d9, it...
nuclei-templates
This repository is a collection of community-curated templates for the nuclei engine to find security vulnerabilities in applications. The templates are stored in the cves/ directory and are used by the nuclei scanner to identify potential vulnerabilities. The repository also contains workflows f...
PYSEC-2022-194
PyPDF2 is an open source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the code attempts to get the content...
UBUNTU-CVE-2022-0998
An integer overflow flaw was found in the Linux kernel's virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system...
Linux kernel input validation error vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel virtio device driver, which stems from an integer overflow flaw in the way a user triggers the vhost_vdpa_config_validate function. An attacker could cras...
CVE-2022-0123
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services...
OESA-2022-1581 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
pcs bug fix and enhancement update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Enabling sbd before starting the cluster sets an incorrect validate-with value in /var/lib/pacemaker/cib/cib.xml BZ2042433...