GO-2022-0963 Resource exhaustion in github.com/gagliardetto/binary
A memory allocation vulnerability can be exploited to allocate arbitrarily large slices, which can exhaust available memory or crash the program. When parsing data from untrusted sources of input e.g. the blockchain, the length of the slice to allocate is read directly from the data itself withou...
GHSA-Q9X4-Q76F-5H5J Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
Impact Sean Wright from Secureworks has discovered an enumeration vulnerability. An attacker can make use of the Harbor API to make unauthenticated calls to the Harbor instance. Based on the HTTP status code in the response, an attacker is then able to work out which resources exist, and which do...
GO-2021-0076 Out-of-bounds write in github.com/evanphx/json-patch
A malicious JSON patch can cause a panic due to an out-of-bounds write attempt. This can be used as a denial of service vector if exposed to arbitrary user input...
GHSA-754H-5R27-7X3R RCE in Symfony
Description ----------- The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surroga...
DLA-2133-1 tomcat7 - security update
Bulletin has no description...
GHSA-G8HW-794C-4J9G Path Traversal in org.springframework:spring-core
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. When static resources are served from a file system on Windows as opposed to the classpath, or...
BIT-GITLAB-2024-10307 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request...
GO-2024-2912 Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli
Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli...
GHSA-G9WG-98C2-QV3V TCPDF Cross-site Scripting vulnerability
TCPDF before 6.7.4 mishandles calls that use HTML syntax...
GHSA-59J7-GHRG-FJ52 Microsoft ASP.NET Core project templates vulnerable to denial of service
A Denial of Service vulnerability exists in ASP.NET Core project templates which utilize JWT-based authentication tokens. This vulnerability allows an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and...
PYSEC-2023-227
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates o...
PYSEC-2023-139
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
GO-2023-1839 Code injection via go command with cgo in cmd/go
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
ASB-A-261858325
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-J83X-R9QQ-9G4V Froxlor is vulnerable to authentication bypass
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13...
CVE-2022-37436
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client...
GHSA-J7MW-7CRR-658V Richfaces vulnerable to arbitrary code execution
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData...
DSA-5083-1 webkit2gtk - security update
Bulletin has no description...
GHSA-C7F6-4VX5-4263 Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files...
GHSA-MPJM-V997-C4H4 Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Impact This vulnerability allows a sandboxed renderer to request a "thumbnail" image of an arbitrary file on the user's system. The thumbnail can potentially include significant parts of the original file, including textual data in many cases. All current stable versions of Electron are affected...
ASB-A-183188047
In fastrpc_internal_invoke of drivers/misc/fastrpc.c, there is a possible way for user-mode processes to send fastrpc kernel requests due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...
CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because a _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
DSA-2303-1 linux-2.6 - several issues
Bulletin has no description...
BIT-APACHE-2021-26690 mod_session NULL pointer dereference
Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial of Service...
BIT-APACHE-2022-22719 mod_lua Use of uninitialized value of in r:parsebody
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
PYSEC-2024-29
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an adm...
DLA-3249-1 mbedtls - security update
Bulletin has no description...
GO-2022-1175 Exposure of local files in github.com/cortexproject/cortex
A malicious actor could remotely read local files by submitting maliciously crafted inputs to the Alertmanager Set Configuration API. Only users of the Alertmanager service where "-experimental.alertmanager.enable-api" or "enable_api: true" is configured are affected...
DSA-5257-2 linux - regression update
Bulletin has no description...
GHSA-RHWX-HJX2-X4QR PDFKit vulnerable to Command Injection
The package pdfkit is vulnerable to Command Injection where the URL is not properly sanitized. Note: This issue was patched in 0.8.7.2, but the patch was discovered to be ineffective. The updated patch version is 0.8.7.2...
GHSA-3HHC-QP5V-9P2J Active Record RCE bug with Serialized Columns
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can manipulate data in the database via means like SQL injection, then it may be possible for the attacker to escalate to an RCE. There are no...
GHSA-RF6Q-VX79-MJXR Undertow Uncontrolled Resource Consumption
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final a...
GHSA-QPP2-2MCP-2WM5 Unauthenticated user can list hidden document from multiple velocity templates in XWiki
Impact A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. Patches The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. Workarounds There is no known workaround for this problem. References...
GHSA-5875-P652-2PPM Exposure of Resource to Wrong Sphere in microweber
Exposure of Resource to Wrong Sphere in microweber prior to 1.3 allows users to add deleted products to a cart and buy it...
GHSA-742W-89GC-8M9C containerd v1.2.x can be coerced into leaking credentials during image pull
Impact If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 o...
DSA-5000-1 openjdk-11 - security update
Bulletin has no description...
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...
GHSA-W5HR-JM4J-9JVQ Sandbox escape through template_object in smarty
Sandbox protection could be bypassed through access to an internal Smarty object that should have been blocked. Sites that rely on Smarty Security features should upgrade as soon as possible. Please upgrade to 3.1.39 or higher...
ASB-A-150693166
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DLA-1500-1 openssh - security update
Bulletin has no description...
GHSA-99CH-8MVP-G7M5 md2pdf allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
GHSA-3M6R-39P3-JQ25 Doorkeeper is vulnerable to replay attacks
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification...
CVE-2016-0643
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML...
RHSA-2026:24381 Red Hat Security Advisory: kernel security update
Bulletin has no description...
OSV-2026-609 Security exception in com.github.javaparser.ast.NodeList.forEach
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504814677 Crash type: Security exception Crash state: com.github.javaparser.ast.NodeList.forEach com.github.javaparser.ast.visitor.VoidVisitorAdapter.visit...
GO-2025-3950 Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server
Mattermost Missing Authorization vulnerability in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...
BIT-GITLAB-2024-12244 Missing Authorization in GitLab
An issue in access controls has been discovered that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...
CVE-2024-5762
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
SUSE-SU-2024:2185-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354). -...