907645 matches found
CVE-2023-45869
ILIAS 7.25 2023-09-12 allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec function in the execQuoted method of the ilUtil class...
GHSA-PXVG-2QJ5-37JQ Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Summary Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to v2.10.4 from v2.10.3. libxml2 v2.10.4 addresses the following known vulnerabilities: - CVE-2023-29469: Hashing of empty dict strings isn't deterministic - CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexTyp...
GHSA-7X45-PHMR-9WQP Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
Summary An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Details Unpacking files using the...
DSA-5313-1 hsqldb - security update
Bulletin has no description...
DSA-5256-1 bcel - security update
Bulletin has no description...
DSA-5178-1 intel-microcode - security update
Bulletin has no description...
DSA-5161-1 linux - security update
Bulletin has no description...
GHSA-VJCM-J85R-7P68 DNN File Upload Vulnerability
DNN (formerly DotNetNuke) through 9.4.4 has a File upload vulnerability via bypassing client-side file extension check...
GHSA-F8X6-M9F5-FFP8 Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
This affects the package unisharp/laravel-filemanager prior to version 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload...
PYSEC-2022-25
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...
GHSA-267X-W5HX-8HJR Integer Overflow or Wraparound in OpenCV
In opencv/modules/imgcodecs/src/grfmtpxm.cpp, function ReadNumber did not check the input length, which leads to an integer overflow. If the image comes from a remote source, this may lead to remote code execution or denial of service. This affects OpenCV 3.3 corresponding with OpenCV-Python version 3.3.0.9 and...
GHSA-XX8F-QF9F-5FGW Remote code execution in zendframework and laminas-http
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...
DLA-2485-1 golang-golang-x-net-dev - security update
Bulletin has no description...
OSV-2020-662 UNKNOWN READ in wmem_strdup_printf
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13725 Crash type: UNKNOWN READ Crash state: wmem_strdup_printf dissectparametersequence dissectrtpssubmessagev2...
GHSA-9722-RR68-RFPG Upload whitelisted files to any directory in OctoberCMS
Impact An attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the...
CVE-2020-13401
An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service...
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write many of the byt...
DSA-2537-1 typo3-src - several
Bulletin has no description...
DSA-1794-1 linux-2.6 - multiple vulnerabilities
Bulletin has no description...
DSA-1381-2 linux-2.6
Bulletin has no description...
DSA-532 libapache-mod-ssl - several vulnerabilities
Bulletin has no description...
MAL-2026-5617 Malicious code in sysnu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...
BIT-PYTHON-2023-27043
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
RHSA-2024:4719 Red Hat Security Advisory: httpd:2.4 security update
Bulletin has no description...
ALSA-2024:4573 Important: java-21-openjdk security update
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK: Excessive...
CGA-XVXC-42Q3-JGJ4
Bulletin has no description...
CGA-2P5W-7GJQ-WWX3
Bulletin has no description...
BIT-GITLAB-2020-10087
GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user...
BIT-NGINX-2022-41741 NGINX ngx_http_mp4_module vulnerability CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in...
BIT-APACHE-2020-1927
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL...
BIT-APACHE-2021-33193 Request splitting via HTTP/2 method injection and mod_proxy
A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...
BIT-APACHE-2021-34798 NULL pointer dereference in httpd core
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2023-48952
An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement...
CVE-2023-43622
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...
CVE-2023-32559
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...
GHSA-GQ63-P39P-JRJF Withdrawn: SQL injection in Yii 2
Withdrawn Advisory This advisory has been withdrawn because the issue originates from a product built on Yii2, not the Yii2 Framework itself. This link is maintained to preserve external references. Original Description SQL injection vulnerability found in Yii Framework Yii 2 Framework before...
CVE-2023-25572 React-Admin vulnerable to Cross-Site-Scripting attack on `<RichTextField>`
react-admin is a frontend framework for building browser applications on top of REST/GraphQL APIs. react-admin prior to versions 3.19.12 and 4.7.6, along with ra-ui-materialui prior to 3.19.12 and 4.7.6, are vulnerable to cross-site scripting. All React applications built with react-admin and usi...
DSA-5196-1 libpgjava - security update
Bulletin has no description...
RUSTSEC-2022-0084 libp2p Lack of resource management DoS
libp2p allows a potential attacker to cause a victim p2p node to run out of memory. The out-of-memory failure can cause crashes where libp2p is intended to be used within large-scale networks, leading to a potential Denial of Service (DoS) vector. Users should upgrade or reference the DoS mitigation...
GHSA-2F5V-8R3F-8PWW Improper access control allows admin privilege escalation in Argo CD
Impact Impacts for versions starting with v1.0.0 All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. To perform the following exploits, an authorized Argo CD use...
GHSA-82V2-MX6X-WQ7Q Incorrect Default Permissions in log4js
Impact Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...
DLA-2776-1 apache2 - security update
Bulletin has no description...
GHSA-WHQ6-MJ2R-MJQC OS Command Injection in lsof
All versions including 0.0.4 of lsof npm module are vulnerable to Command Injection. Every exported method used by the package uses the exec function to parse user input...
CVE-2019-15782
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
GHSA-G95F-P29Q-9XW4 Duplicate Advisory: Regular Expression Denial of Service in braces
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cwfw-4gq5-mrqx. This link is maintained to preserve external references. Original Description Versions of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may...
DLA-1679-1 php5 - security update
Bulletin has no description...
CVE-2016-2179
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to...
DSA-2942-1 typo3-src - security update
Bulletin has no description...
DSA-2310-1 linux-2.6 - several issues
Bulletin has no description...
DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities
Bulletin has no description...