85 matches found
nodejs:20 security update
nodejs 1:20.18.2-1 - Update to version 20.18.2 Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76001 RHEL-76146 1:20.16.0-1 - Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020 1:20.12.2-2 - Backport nghttp2 patch for CVE-2024-28182 1:20.12.2-1 - Rebase to...
Important: Red Hat Security Advisory: RHTAS 1.1.1 - Red Hat Trusted Artifact Signer Release
The 1.1.1 release of Red Hat Trusted Artifact Signer OpenShift Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/redhattrustedartifactsigner/1.1 The RHTAS Operator can be used with OpenShift Container Platform 4.14, 4.15, 4.16 and...
Grafana Labs 10.4.x < 10.4.15 / 11.0.x < 11.0.11 / 11.1.x < 11.1.11 / 11.2.x < 11.2.6 / 11.3.x < 11.3.3 / 11.4.x < 11.4.1, 11.5.0 (cve-2024-11741)
The version of Grafana Labs installed on the remote host is prior to 10.4.15, 11.0.11, 11.1.11, 11.2.6, 11.3.3, or 11.4.1, 11.5.0. It is, therefore, affected by a vulnerability as referenced in the cve-2024-11741 advisory. - Grafana is an open-source platform for monitoring and observability. The...
[SECURITY] Fedora 40 Update: chromium-132.0.6834.83-1.fc40
Chromium is an open-source web browser, powered by WebKit Blink...
Debian: Security Advisory (DSA-5829-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-41704
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images...
Telerik JustDecompile 安全漏洞
Telerik JustDecompile is a free .NET decompiler and assembly browser from Telerik Bulgaria. A security vulnerability exists in Telerik JustDecompile versions prior to 2024 R1, which stems from an elevation of privilege vulnerability that allows a less privileged user to elevate their privileges o...
PT-2024-14045 · Qstar · Qstar Archive Solutions
Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: The issue is an authenticated remote code execution vulnerability that allows attackers to arbitrarily execute commands. Recommendations: For QStar Archive Solutions...
OPENSUSE-SU-2023:0137-1 Security update for guile1, lilypond
This update for guile1, lilypond fixes the following issues: guile1: - Add service file to download release from git excluding the directory with commercial non free files. - Update to version 2.2.6 to enable lilypond to be updated to 2.24.1 to fix boo1210502 and CVE-2020-17354. lilypond: - Updat...
SUSE-SU-2023:2221-1 Security update for conmon
This update of conmon fixes the following issues: - rebuild the package with the go 19.9 secure release bsc1200441...
CVE-2023-28846 Denial of Service in unpoly-rails
Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service DoS vulnerability in the unpoly-rails gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load...
SUSE CVE-2020-15190
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...
golang security update
1.17.13-1.0.1 - golang-1.17.13 release - Update tarball and version number in specfile - Reviewed-by: Jose E. Marchesi 1.17.12-1.0.1 - golang-1.17.12-1 release - Update tarball and version number in specfile - Reviewed-by: Indu Bhagat 1.17.11-1.0.1 - golang-1.17.11-1 package initial release - Add...
OPENSUSE-SU-2021:0977-1 Security update for virtualbox
This update for virtualbox fixes the following issues: - Update vboxdrv.sh per boo1186361 Version bump to 6.1.22 released April 29 2021 by Oracle - This is a maintenance release. The following items were fixed and/or added: - VMM: Improved performance of 64-bit Windows and Solaris guests when...
Multiple Plugins from CRM Perks - Reflected Cross-Site Scripting
Numerous plugins from the CRM Perks vendor do not escape parameters before outputting them back in attributes in admin pages, leading to a Reflected Cross-Site Scripting issues executed in the context of a logged in administrator. It first started with an obvious XSS via the vxdebug GET parameter...
SUSE-SU-2021:2660-1 Security update for grafana
This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call bsc1183803 - Update to version 7.5.7: Updated relref to 'Configuring exemplars' section 34240 34243 Added exemplar topic 34147 34226 Quota: D...
CVE-2021-21362
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload' URL. Everyone is impacted who us...
OPENSUSE-SU-2021:0082-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...
OPENSUSE-SU-2020:0854-1 Security update for mozilla-nspr, mozilla-nss
This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53 - CVE-2020-12399: Fixed a timing attack on DSA signature generation bsc1171978. - CVE-2019-17006: Added length checks for cryptographic primitives bsc1159819. Release notes:...
CVE-2020-11012
MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has bee...