907650 matches found
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
DLA-2391-1 ruby2.3 - security update
Bulletin has no description...
GHSA-769F-539V-F5JG PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some gamification module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
DLA-1885-1 linux-4.9 - security update
Bulletin has no description...
GHSA-J965-2QGJ-VJMQ JavaScript SDK v2 users should add validation to the region parameter value in or migrate to v3
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. Per the AWS shared responsibilit...
BIT-GITLAB-2024-9633 Incorrect Ownership Assignment in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain,...
BIT-MYSQL-CLIENT-2023-22084
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Serve...
GHSA-9WMC-RG4H-28WV github.com/kumahq/kuma affected by CVE-2023-44487
Impact Envoy and Go HTTP/2 protocol stack is vulnerable to the "Rapid Reset" class of exploits, which send a sequence of HEADERS frames optionally followed by RST_STREAM frames. This can be exercised if you use the builtin gateway and receive untrusted http2 traffic. Patches...
PYSEC-2023-74
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use rebuild_proxies to reattach the Proxy-Authorization header to requests. For HTTP connections sent...
GHSA-PRCG-MC23-HGJH phpmyadmin contains SQL Injection vulnerability
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.0.2 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php...
GHSA-QWPH-4952-7XR6 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Overview In versions <=8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Am I affected? You will be affected if all the followi...
GHSA-27H2-HVPR-P74Q jsonwebtoken has insecure input validation in jwt.verify function
Overview For versions <=8.5.1 of jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify function, they can gain remote code execution (RCE). Am I affected? This security issue...
DSA-5215-1 open-vm-tools - security update
Bulletin has no description...
GHSA-G54X-29XV-58H5 Remote code execution in Subrion
Subrion is an open source PHP content management system. A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval...
DLA-2397-1 php7.0 - security update
Bulletin has no description...
MAL-2025-22760 Malicious code in http (npm)
The package http was found to contain malicious code...
BIT-MARIADB-2024-21096
Vulnerability in the MySQL Server product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to...
GHSA-VCWC-6MR9-8M7C Cross-site Scripting in phpmyadmin
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...
CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
GHSA-7534-MM45-C74V Buffer Overflow in Pillow
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
GHSA-WFCC-PFF6-RGC5 Jetty vulnerable to exposure of sensitive information due to observable discrepancy
Jetty through 9.4.x contains a timing channel attack in util/security/Password.java, which allows attackers to obtain access by observing elapsed times before rejection of incorrect passwords...
CVE-2025-32728
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...
CVE-2024-38476
The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
BIT-APACHE-2021-44224 Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery)...
BIT-APACHE-2022-26377 mod_proxy_ajp: Possible request smuggling
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions...
CVE-2023-42282
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...
GHSA-45X7-PX36-X8W8 Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Summary Terrapin is a prefix truncation attack targeting the SSH protocol. More precisely, Terrapin breaks the integrity of SSH's secure channel. By carefully adjusting the sequence numbers during the handshake, an attacker can remove an arbitrary amount of messages sent by the client or server a...
PYSEC-2023-228
When installing a package from a Mercurial VCS URL (i.e. "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (i.e. "--config"). Controlling the Mercurial configuration can modify how and which...
GHSA-HPX4-R86G-5JRG @adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
Impact @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS. Patches The issue has been resolved in 4.3.1. Workarounds None References N/A...
RUSTSEC-2021-0097 SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
GHSA-Q8Q8-93CV-V6H8 Lookup function information disclosure in helm
The Helm core maintainers have identified an information disclosure vulnerability in Helm 3.0.0-3.1.2. Impact lookup is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This c...
BIT-PYTHON-2025-12084 Quadratic complexity in node ID cache clearing
When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
CVE-2023-49102
NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...
GHSA-2GGP-CMVM-F62F ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process Summary A possible command injection in the docker fetch process, as it allows malicious commands to be appended in the docker_reference parameter. Details In the function scanpipe/pipes/fetch.py:fetch_docker_image[1] the parameter docker_reference is user...
GHSA-9324-JV53-9CC8 dio vulnerable to CRLF injection with HTTP method string
Impact The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. Patches The vulnerability has been resolved by https://github.com/cfug/dio/commit/927f79e93ba39f3c3a12c190624a55653d577984, and included sinc...
CVE-2023-22460 go-ipld-prime json codec may panic if asked to encode bytes
go-ipld-prime is an implementation of the InterPlanetary Linked Data IPLD spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data which contains a Bytes kind Node will pass a Bytes token to the JSON...
GHSA-RVGF-69J7-XH78 Uncontrolled Resource Consumption in @discordjs/opus
Improperly handled errors in @discordjs/opus cause hard crashes instead of returning the error to user land. All versions of package @discordjs/opus <= 0.7.0 are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads t...
GHSA-RXQH-FC23-GXP2 Improper Input Validation in Apache ActiveMQ
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request...
GHSA-V6GP-9MMM-C6P5 Out-of-bounds Write in zlib affects Nokogiri
Summary Nokogiri v1.13.4 updates the vendored zlib from 1.2.11 to 1.2.12, which addresses CVE-2018-25032. That CVE is scored as CVSS 7.4 "High" on the NVD record as of 2022-04-05. Please note that this advisory only applies to the CRuby implementation of Nokogiri = v1.13.4. Impact CVE-2018-25032 ...
GHSA-J7QV-PGF6-HVH4 XSS in `*Text` options of the Datepicker widget in jquery-ui
Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $ "datepicker" .datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing 'closeText XSS...
CVE-2021-22939
If the Node.js https API was used incorrectly and "undefined" was passed in for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted...
CGA-V9JG-XXWX-27JR
Bulletin has no description...
SUSE-SU-2024:2010-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26921: Preserve kabi for skbuff bsc1223138. - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free bsc1225201. - CVE-2021-47496: Fix...
ALSA-2024:3138 Moderate: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. Additional...
BIT-APACHE-2023-27522 Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...
BIT-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
GSD-2023-1002311 mmc: mmc_spi: fix error handling in mmc_spi_probe()
mmc: mmc_spi: fix error handling in mmc_spi_probe() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.13 by commit...
GHSA-VV6J-5X58-Q2C3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
OSV-2022-331 Stack-buffer-overflow in void unwindstack::Symbols::BuildRemapTable<Elf64_Sym>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46546 Crash type: Stack-buffer-overflow READ Crash state: void unwindstack::Symbols::BuildRemapTable bool unwindstack::Symbols::GetName unwindstack::ElfInterfaceImpl::GetFunctionName...
ASB-A-196926917
In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...