910807 matches found
GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel
Withdrawn This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution RCE via an unserialized pop chain in destruct in...
GHSA-M6CH-GG5F-WXX3 HTTP Proxy header vulnerability
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...
HSEC-2024-0003 process: command injection via argument list on Windows
process: command injection via argument list on Windows The process library on Windows is vulnerable to a command injection vulnerability, via cmd.exe's interpretation of arguments. Programs that invoke batch files .bat, .cmd and pass arguments whose values are affected by program inputs may be...
BIT-GITLAB-2025-0652 Incorrect Authorization in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions starting from 16.9 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2 could allow unauthorized users to access confidential information intended for internal use only...
BIT-POSTGRESQL-2024-10977 PostgreSQL libpq retains an error message from man-in-the-middle
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
GHSA-RM7J-F5G5-27VV Duplicate Advisory: Denial of Service in JSON-Java
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4jq9-2xhw-jpx7. This link is maintained to preserve external references. Original Description Denial of Service in JSON-Java versions prior to 20230618. A bug in the parser means that an input string of modest...
GHSA-485R-RP8V-998V Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
GHSA-29Q6-P2CG-4V23 Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin
Pipeline: Input Step Plugin 448.v37cea9a10a70 and earlier allows Pipeline authors to specify file parameters for Pipeline input steps even though they are unsupported. Although the uploaded file is not copied to the workspace, Jenkins archives the file on the controller as part of build metadata...
CVE-2022-2068
In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
GHSA-7J4H-8WPF-RQFH Missing XML Validation in Apache Xerces2
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...
GHSA-C566-2GRG-MJWG Serialization vulnerability in Apache Tapestry
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...
GHSA-RV39-3QH7-9V7W Improper Input Validation in Spring Framework
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter...
CVE-2018-20685
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side...
ALSA-2024:7001 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: CVE-2023-6040 CVE-2024-26595 CVE-2021-46984 CVE-2023-52478 CVE-2023-52476 CVE-2023-52522 CVE-2021-47101 CVE-2021-47097 CVE-2023-52605...
BIT-GITLAB-2024-4207 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under...
BIT-GITLAB-2024-4784 Authentication Bypass by Primary Weakness in GitLab
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy...
BIT-MATTERMOST-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter...
CVE-2022-43552
A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...
GHSA-3MPG-Q26J-83J5 Command injection in yiisoft/yii2-gii
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
GHSA-P4CC-W597-6CPM Cryptographically weak PRNG in `utils.generateUUID`
In Brief utils.generateUUID, a helper function available in essentially all versions of NodeBB as far back as v1.0.1 and potentially earlier used a cryptographically insecure Pseudo-random number generator Math.random, which meant that a specially crafted script combined with multiple invocations...
DSA-5174-1 gnupg2 - security update
Bulletin has no description...
PYSEC-2022-204
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
BIT-GITLAB-2024-5528 Incomplete Comparison with Missing Factors in GitLab
An issue was discovered in GitLab CE/EE affecting all versions prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2, which allows a subdomain takeover in GitLab Pages...
BIT-GRAFANA-2024-6322
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...
CVE-2022-40982
Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...
GHSA-WQ4H-7R42-5HRR Possible shell escape sequence injection vulnerability in Rack
There is a possible shell escape sequence injection vulnerability in the Lint and CommonLogger components of Rack. This vulnerability has been assigned the CVE identifier CVE-2022-30123. Versions Affected: All. Not affected: None Fixed Versions: 2.0.9.1, 2.1.4.1, 2.2.3.1 Impact Carefully crafted...
CVE-2016-6306
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service out-of-bounds read via crafted certificate operations, related to s3clnt.c and s3srvr.c...
DSA-581-1 xpdf - integer overflows
Bulletin has no description...
BIT-APACHE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption
In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...
BIT-MARIADB-2023-22084
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...
BIT-GITLAB-2024-3958 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into...
GHSA-248V-346W-9CWC Certifi removes GLOBALTRUST root certificate
Certifi 2024.07.04 removes root certificates from "GLOBALTRUST" from the root store. These are in the process of being removed from Mozilla's trust store. GLOBALTRUST's root certificates are being removed pursuant to an investigation which identified "long-running and unresolved compliance issues...
DLA-3390-1 zabbix - security update
Bulletin has no description...
GHSA-H39Q-95Q5-9JFP OS Command Injection in ansible
A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by...
PYSEC-2021-427
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...
DSA-3358-1 php5 - security update
Bulletin has no description...
RHSA-2026:14926 Red Hat Security Advisory: kernel update
Bulletin has no description...
GO-2022-0875 Denial of Service in OpenShift Origin in github.com/openshift/origin
Denial of Service in OpenShift Origin in github.com/openshift/origin...
BIT-GITLAB-2024-6329 Improper Encoding or Escaping of Output in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded...
GHSA-4G9R-VXHX-9PGX Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue...
ALSA-2023:4034 Important: nodejs:16 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...
CVE-2022-43551
A vulnerability exists in curl 7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
DSA-4466-1 firefox-esr - security update
Bulletin has no description...
UBUNTU-CVE-2017-11145
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...
DLA-341-1 php5 - security update
Bulletin has no description...
DLA-3931-1 ghostscript - security update
Bulletin has no description...
GHSA-XR7Q-JX4M-X55M Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Impact This issue represents a potential PII concern. If applications were printing or logging a context containing gRPC metadata, the affected versions will contain all the metadata, which may include private information. Patches The issue first appeared in 1.64.0 and is patched in 1.64.1 and...
MAL-2024-2063 Malicious code in dashboard (npm)
False positive caused by problematic ingestion. --- -= Per source details. Do not edit below this line.=-...
BIT-ELASTICSEARCH-2024-37280 Elasticsearch StackOverflow vulnerability
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of...