907648 matches found
GHSA-5875-P652-2PPM Exposure of Resource to Wrong Sphere in microweber
Exposure of Resource to Wrong Sphere in microweber prior to 1.3 allows users to add deleted products to a cart and buy it...
DSA-5000-1 openjdk-11 - security update
Bulletin has no description...
CVE-2021-3712
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...
CVE-2021-23382
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...
GHSA-C2GP-86P4-5935 Use-After-Free in puppeteer
Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution. Recommendation: Upgrade to version 1.13.0 or later...
DLA-1500-1 openssh - security update
Bulletin has no description...
DLA-749-1 php5 - security update
Bulletin has no description...
DSA-454 linux-kernel-2.2.22-alpha - failing function and TLB flush
Bulletin has no description...
DSA-351 php4 - cross-site scripting
Bulletin has no description...
BIT-TOMCAT-2025-53506 Apache Tomcat: DoS via excessive h2 streams at connection start
Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams. This issue affects Apache Tomcat: from 11.0.0 through 11.0.8, from 10.1.0 through 10.1.42, from 9.0.0 through...
BIT-GITLAB-2024-12619 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1, allowing internal users to gain unauthorized access to internal projects...
CVE-2024-5762
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Zen Cart. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
BIT-RUBY-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object...
PYSEC-2024-164
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in _abi_decode, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potential...
CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...
GHSA-94VC-P8W7-5P49 Bundled libwebp in imagecodecs vulnerable
imagecodecs versions before v2023.9.18 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863). imagecodecs v2023.9.18 upgrades the bundled libwebp binary to v1.3.2...
CVE-2023-32233
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled...
GO-2022-0963 Resource exhaustion in github.com/gagliardetto/binary
A memory allocation vulnerability can be exploited to allocate arbitrarily large slices, which can exhaust available memory or crash the program. When parsing data from untrusted sources of input (e.g. the blockchain), the length of the slice to allocate is read directly from the data itself withou...
GHSA-64QM-HRGP-PGR9 Mechanize before v2.8.5 vulnerable to authorization header leak on port redirect
Summary Mechanize rubygem Cookies do not provide isolation by port. If a cookie is readable by a service running on one port, the cookie is also readable by a service running on another port of the same server. If a cookie is writable by a service on one port, the cookie is also writable by a...
ASB-A-157929241
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
DLA-3012-1 libxml2 - security update
Bulletin has no description...
GHSA-9PQ7-RCXV-47VQ Incorrect Regular Expression in RestSharp
RestSharp 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression Denial of Service (ReDoS) when converting strings into DateTimes. If a server responds with a malicious string, the client using RestSharp will be stuck processing it for an exceedingly long time. Thus...
DSA-4817-1 php-pear - security update
Bulletin has no description...
GHSA-9PCF-H8Q9-63F6 Sandbox Breakout / Arbitrary Code Execution in safe-eval
All versions of safe-eval are vulnerable to Sandbox Escape leading to Remote Code Execution. A payload chaining a function's callee and caller constructors can escape the sandbox and execute arbitrary code. For example, the payload = const targetKey = Object.keysthis0; Object.definePropertythis,...
GHSA-6JV3-5F52-599M python-multipart: Semicolon treated as querystring field separator enables parameter smuggling
Summary QuerystringParser treated ; as a field separator in application/x-www-form-urlencoded bodies, in addition to &. The WHATWG URL standard, modern browsers, and Python's urllib.parse since the CVE-2021-23336 fix treat only & as a separator. This creates a parser differential: the same bytes...
BIT-GITLAB-2024-12244 Missing Authorization in GitLab
An issue has been discovered in access controls that could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1...
BIT-GITLAB-2024-6685 Authorization Bypass Through User-Controlled Key in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2, where group runners information was disclosed to unauthorised group members...
BIT-PHP-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...
GO-2023-1878 Insufficient sanitization of Host header in net/http
The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
GO-2023-1839 Code injection via go command with cgo in cmd/go
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...
GHSA-85PF-R4C7-3J9R Apache Airflow Drill Provider vulnerable to improper input validation
Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized...
DLA-3351-1 apache2 - security update
Bulletin has no description...
DSA-5256-1 bcel - security update
Bulletin has no description...
CVE-2022-32205
A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...
DSA-5178-1 intel-microcode - security update
Bulletin has no description...
DSA-5161-1 linux - security update
Bulletin has no description...
GHSA-CGX6-HPWQ-FHV5 Integer Overflow or Wraparound in libxml2 affects Nokogiri
Summary Nokogiri v1.13.5 upgrades the packaged version of its dependency libxml2 from v2.9.13 to v2.9.14. libxml2 v2.9.14 addresses CVE-2022-29824. This version also includes several security-related bug fixes for which CVEs were not created, including a potential double-free, potential memory...
GHSA-X3MH-JVJW-3XWX openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
GHSA-7QW8-847F-PGGM Improper Locking in github.com/containers/storage
A deadlock vulnerability was found in github.com/containers/storage in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinite...
DLA-2496-1 firefox-esr - security update
Bulletin has no description...
DLA-2485-1 golang-golang-x-net-dev - security update
Bulletin has no description...
GHSA-PV36-H7JH-QM62 Heap buffer overflow in CefSharp
Impact: A memory corruption bug (heap overflow) in the FreeType font rendering library. This can be exploited by attackers to execute arbitrary code by using specially crafted fonts with embedded PNG images. As per https://www.secpod.com/blog/chrome-zero-day-under-active-exploitation-patch-now/ Goog...
CVE-2020-13401
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...
GHSA-JP5V-5GX4-JMJ9 Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session. Impact: Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for...
GHSA-C6FM-RGW4-8Q73 CoAPthon3 vulnerable to Deserialization of Untrusted Data
The Serialize.deserialize method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages...
GHSA-MGX3-27HR-MFGP HTTParty does not restrict casts of string values
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type...
DLA-324-1 binutils - security update
Bulletin has no description...
DSA-2537-1 typo3-src - several
Bulletin has no description...
BIT-GRAFANA-2024-11741
Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed in versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15...
CVE-2024-53064 idpf: fix idpf_vc_core_init error path
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...