Fedora: Security Advisory for rubygem-activemodel (FEDORA-2023-7002afbbb8)
The remote host is missing an update for the rubygem-activemodel package...
[SECURITY] Fedora 37 Update: rubygem-activemodel-7.0.4.3-1.fc37
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...
[SECURITY] Fedora 38 Update: rubygem-activemodel-7.0.4.3-1.fc38
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing...
Denial Of Service (DoS)
apache-airflow-providers-google is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to improper input validation in cloud_sql.py, resulting in an application crash...
Heap-based Buffer Overflow
libgpac.so is vulnerable to Heap-based Buffer Overflow. The vulnerability exists in the mp3_dmx_process function in filters/reframe_mp3.c due to improper validation of the buffer size, which allows an attacker to cause an overflow resulting in an application crash...
Session Fixation
symfony is vulnerable to Session Fixation. The vulnerability exists due to a lack of validation in security.xml, which allows an attacker to gain unauthorized access to an account...
SUSE CVE-2021-3655
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory...
Use After Free
libgpac.so is vulnerable to Use-After-Free. The vulnerability exists due to a lack of entity value validation in the m2ts_dmx_declare_pid function in filters/dmx_m2ts.c, which leads to a use-after-free resulting in an application crash...
Denial Of Service (DoS)
libgpac.so is vulnerable to Denial of Service. The vulnerability exists due to a lack of entity value validation in descriptors.c, which leads to a use-after-free resulting in an application crash...
USN-5826-1: Privoxy vulnerabilities
Joshua Rogers discovered that Privoxy incorrectly handled memory allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2021-44540) Artem Ivanov discovered that Privoxy incorrectly handled input validation. An attacker could possibly use this issue to perform...
Path Injection
github.com/fkie-cad/yapscan is vulnerable to path injection. The vulnerability exists due to a lack of permission validation in the report receiver server, which allows an attacker to perform log injection...
Command Injection
kylin-server-base is vulnerable to command injection. The vulnerability exists due to missing parameter validation in the library, which allows an attacker to inject and execute malicious commands through an HTTP request...
Reflected File Download
sinatra is vulnerable to reflected file download. The vulnerability exists because of missing validation in the attachment function in base.rb, which allows an attacker to perform untrusted file downloads...
Remote Code Execution (RCE)
Apache Flume is vulnerable to remote code execution. The vulnerability exists due to improper validation of the JMS source and provider URL, where an attacker can use the JMS source with an unsafe provider URL to cause arbitrary code execution...
Arbitrary Code Injection
azure-cli is vulnerable to arbitrary code injection. The vulnerability exists in azure-cli only when running on Windows, due to incorrect input validation during the submission of values containing & or | symbols, which allows an attacker to inject and execute malicious code on the system...
Use After Free
libexpat.so is vulnerable to use-after-free. The vulnerability exists due to a lack of entity value validation in XML_ParserFree and the parserCreate function in xmlparse.c. An attacker could exploit it to cause memory consumption resulting in an application crash...
Privilege Escalation
rdiffweb is vulnerable to Privilege Escalation. An origin validation error allows a malicious user to elevate their privileges, due to insufficient validation in the set_headers function in tools/secure_headers.py...
Remote Code Execution
Dolibarr is vulnerable to remote code execution. By default, it is possible to add any administrator to the installation page, which enables a malicious user to inject and execute malicious code on the target system due to improper validation in the verifCond function in functions.lib.php...
Cross-Site Scripting (XSS)
rdiffweb is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation of the fullname, username and email fields, which allows a remote attacker to inject and execute malicious JavaScript in the application...
CVE-2022-1959
AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validation...