907610 matches found
CVE-2016-10735
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...
GHSA-8JXQ-75RW-FHJ9 Eve allows execution of arbitrary code
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
DLA-1166-1 tomcat7 - security update
Bulletin has no description...
CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...
DSA-3120-1 mantis - security update
Bulletin has no description...
DSA-3035-1 bash - security update
Bulletin has no description...
DSA-1010-1 ilohamail - missing input sanitising
Bulletin has no description...
GHSA-384W-WFFR-X63Q Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Impact Importing a malicious egg or gaining access to wings instance could lead to XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted: - Egg Docker images - Egg variables: - Name - Environment variable - Default val...
GHSA-6C5P-J8VQ-PQHJ python-jose algorithm confusion with OpenSSH ECDSA keys
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
BIT-GITLAB-2020-10085
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles...
BIT-APACHE-2022-28614 read beyond bounds via ap_rwrite()
The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...
GO-2024-2587 SQL injection in github.com/apache/age/drivers/golang
SQL injection in github.com/apache/age/drivers/golang...
CVE-2024-25674
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type...
GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin
A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...
GHSA-4W8R-3XRW-V25G Craft CMS Remote Code Execution vulnerability
Impact This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. Mitigations This has been fixed in Craft 4.4.15. You should ensure you’re running at least that version. Refresh you...
CVE-2022-48174
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution...
DSA-5354-1 snort - security update
Bulletin has no description...
GHSA-RP2V-V467-Q9VQ GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Impact Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed. This is due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the...
GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd
Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta to sync...
ASB-A-195410559
In btadmremovedevice of btadmact.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-RPXG-HG79-H8Q9 SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3...
GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...
PYSEC-2022-206
OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...
GHSA-RJ7P-RFGP-852X Loop with Unreachable Exit Condition in Apache Thrift
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
GHSA-RJ4P-7MM6-GM9J JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...
GHSA-RHF5-F553-XG82 Password exposure in concrete5/core
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
GHSA-WPH3-44RJ-92PR elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Impact We recently fixed several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with the minimal configuration. Patches The issues were addressed in our last release,...
DSA-4757-1 apache2 - security update
Bulletin has no description...
ALSA-2019:2799 Important: nginx:1.14 security update
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Office Protocol 3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service CVE-2019-9511 HTTP/2: flood using...
GHSA-MCFM-H73V-635M Undertow-core vulnerable to HTTP Request Smuggling
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating t...
CVE-2018-5702
Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...
CVE-2017-16544
In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...
DSA-3132-1 icedove - security update
Bulletin has no description...
DSA-3077-1 openjdk-6 - security update
Bulletin has no description...
DLA-0003-1 openssl - security update
Bulletin has no description...
DSA-1460-1 postgresql-8.1 - several
Bulletin has no description...
UBUNTU-CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...
DLA-3891-1 mariadb-10.5 - security update
Bulletin has no description...
RHSA-2019:2519 Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update
Bulletin has no description...
MAL-2024-4924 Malicious code in coloramas (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-4544 Malicious code in MetаMаsk.Blazor (NuGet)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...
CVE-2024-27316
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...
ALSA-2024:0001 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in Firefox 121, Firefo...
GHSA-4GRX-2X9W-596C Marvin Attack: potential key recovery through timing sidechannels
The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key. A recent survey of RSA implementations found that the Rust rsa...
OSV-2023-745 Heap-buffer-overflow in pcpp::SomeIpSdLayer::isDataValid
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61774 Crash type: Heap-buffer-overflow READ 4 Crash state: pcpp::SomeIpSdLayer::isDataValid pcpp::SomeIpLayer::parseSomeIpLayer pcpp::UdpLayer::parseNextLayer...
CVE-2023-2804
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...
DLA-3371-1 unbound - security update
Bulletin has no description...
GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...