908024 matches found
GSD-2023-1002311 mmc: mmc_spi: fix error handling in mmc_spi_probe()
mmc: mmcspi: fix error handling in mmcspiprobe This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.13 by commit...
GHSA-VV6J-5X58-Q2C3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
OSV-2022-331 Stack-buffer-overflow in void unwindstack::Symbols::BuildRemapTable<Elf64_Sym>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46546 Crash type: Stack-buffer-overflow READ Crash state: void unwindstack::Symbols::BuildRemapTable bool unwindstack::Symbols::GetName unwindstack::ElfInterfaceImpl::GetFunctionName...
ASB-A-196926917
In unixscmtoskb of afunix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
GHSA-M2JH-FXW4-GPHM HTTP Host Header Injection
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C 3.5 Problem It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend...
CVE-2018-15599
The recvmsguserauthrequest function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSHMSGUSERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase...
BIT-PYTHON-2025-4517 Arbitrary writes via tarfile realpath overflow
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract using the filter= parameter with a value of...
CVE-2025-24375 MySQL K8s charm could leak credentials for root-level user `serverconfig`
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary...
BIT-APACHE-2021-30641 Unexpected URL matching with 'MergeSlashes OFF'
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'...
CVE-2024-24825 TokenManager not checking permissions on cached tokens in DIRAC
DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known...
CVE-2023-3446
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
CVE-2022-3515
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...
DSA-5191-1 linux - security update
Bulletin has no description...
GHSA-R6MC-MRVR-23CR Sandbox bypass in Jenkins Pipeline: Groovy Plugin
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM...
GHSA-4R8Q-GV9J-3XX6 Open Redirect
Impact In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have...
GHSA-VV6J-WW6X-54GX Use after free in Animation
CVE-2022-0609: Use after free in Animation - https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop14.html - https://vulners.com/cve/CVE-2022-0609 Google is aware of reports that exploits for CVE-2022-0609 exist in the wild. The exploitation is known to be easy. The attac...
GHSA-G7CV-RXG3-HMPX Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, and SSH keys
Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow...
RLSA-2024:4211 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2020-26555 kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number...
BIT-APACHE-2022-29404 Denial of service in mod_lua r:parsebody
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody0 may cause a denial of service due to no default limit on possible input size...
GHSA-4XW9-CX39-R355 json-web-token library is vulnerable to a JWT algorithm confusion attack
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To...
DLA-3175-1 python3.7 - security update
Bulletin has no description...
GHSA-JHFV-8936-G652 Cross-site Scripting in Jenkins Hidden Parameter Plugin
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission. Exploitation of this...
CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded- headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application...
PYSEC-2022-169
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and...
GHSA-9F3J-PM6F-9FM5 Race condition in Apache Tomcat
The fix for bug CVE-2020-9484 introduced a time of check time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
BIT-PHP-2024-1874 Command injection via array-ish $command parameter of proc_open()
In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
GHSA-8G9C-28FC-MCX2 Duplicate Advisory: Microsoft Identity Denial of service vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-59j7-ghrg-fj52. This link is maintained to preserve external references. Original Description Impact An attacker could exploit this vulnerability by crafting a malicious JSON Web Encryption JWE token with a high...
GHSA-WC9J-GC65-3CM7 DDFFileParser is vulnerable to XXE Attacks
Impact DDFFileParser and DefaultDDFFileValidator and so ObjectLoader are vulnerable to XXE AttacksProcessing. DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files e.g. if they let external users provide their own model...
GHSA-XJ57-8QJ4-C4M6 Code injection in Apache Commons Configuration
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...
GHSA-RHGR-952R-6P8Q Command injection in Apache Maven maven-shared-utils
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks...
GHSA-8864-PWHG-3MP2 Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin
A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permissions of the user the Jenkins...
GHSA-369M-2GV6-MW28 WEBrick RCE Vulnerability
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name...
GHSA-FX95-883V-4Q4H Path traversal in github.com/valyala/fasthttp
The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. Note: This security issue impacts Windows users only...
DLA-2768-1 uwsgi - security update
Bulletin has no description...
PYSEC-2021-142
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the fullload method or with the FullLoader loader. Applications that use the library to process untrusted input may be...
GHSA-2M69-GCR7-JV3Q SQLitePCLRaw.lib.e_sqlite3 has a vulnerable dependency on SQLite
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above...
CGA-CFPJ-W2PP-M43X
Bulletin has no description...
BIT-MONGODB-2024-6384
"Hot" backup files may be downloaded by underprivileged users, if they are capable of acquiring a unique backup identifier. This issue affects MongoDB Enterprise Server v6.0 versions prior to 6.0.16, MongoDB Enterprise Server v7.0 versions prior to 7.0.11 and MongoDB Enterprise Server v7.3 versio...
GHSA-7F88-5HHX-67M2 XNIO denial of service vulnerability
A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service DoS. Version 3.8.14.Final is expected to contain a fix...
BIT-VARNISH-2021-36740
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8...
GHSA-WPRV-93R4-JJ2P OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Impact When the verifyMultiProof, verifyMultiProofCalldata, processMultiProof, or processMultiProofCalldata functions are in use, it is possible to construct merkle trees that allow forging a valid multiproof for an arbitrary set of leaves. A contract may be vulnerable if it uses multiproofs for...
GO-2023-1495 Request smuggling due to improper request handling in golang.org/x/net/http2/h2c
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be...
GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin
Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...
GHSA-Q4QM-XHF9-4P8F Flower OAuth authentication bypass
All versions of Flower, a web UI for the Celery Python RPC framework, as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. A fix was...
GHSA-QPP2-2MCP-2WM5 Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Impact A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. Patches The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. Workarounds There is no known workaround for this problem. References...
GHSA-MRQ4-7CH7-2465 Server Side Twig Template Injection
PrestaShop is an Open Source e-commerce platform. Starting with version 1.7.0.0 and ending with version 1.7.8.3, an attacker is able to inject twig code inside the back office when using the legacy layout. The problem is fixed in version 1.7.8.3. There are no known workarounds...
GHSA-93J5-G845-9WQP Unsafe HTTP Redirect in Puppet Agent and Puppet Server
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...
GHSA-WP4H-PVGW-5727 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution...
PYSEC-2021-437
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1...
PYSEC-2021-95
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...