908338 matches found
GO-2024-2668 Login username enumeration in github.com/IceWhaleTech/CasaOS-UserService
The Casa OS Login page has a username enumeration vulnerability in the login page that was patched in Casa OS v0.4.7. The issue exists because the application response differs depending on whether the username or password is incorrect, allowing an attacker to enumerate usernames by observing the...
BIT-GITLAB-2020-10085
GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles...
BIT-CODEIGNITER-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
BIT-APACHE-2022-28614 read beyond bounds via ap_rwrite()
The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...
GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin
A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...
GHSA-5PR3-M5HM-9956 WPS Server Side Request Forgery vulnerability
Summary The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. Details This vulnerability requires: The WPS extension to be installed The WPS security setting...
DLA-3371-1 unbound - security update
Bulletin has no description...
DSA-5354-1 snort - security update
Bulletin has no description...
GHSA-RP2V-V467-Q9VQ GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Impact Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed. This is due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the...
GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd
Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta to sync...
GHSA-RPXG-HG79-H8Q9 SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3...
GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...
PYSEC-2022-206
OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...
GHSA-RJ7P-RFGP-852X Loop with Unreachable Exit Condition in Apache Thrift
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...
GHSA-RJ4P-7MM6-GM9J JBossWS vulnerable to uncontrolled recursion
DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...
GHSA-RHF5-F553-XG82 Password exposure in concrete5/core
Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...
GHSA-WPH3-44RJ-92PR elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Impact We recently fixed several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with the minimal configuration. Patches The issues were addressed in our last release,...
GO-2020-0018
UUIDs generated using NewV1 and NewV4 may not read the expected number of random bytes. These UUIDs may contain a significantly smaller amount of entropy than expected, possibly leading to collisions...
GHSA-MCFM-H73V-635M Undertow-core vulnerable to HTTP Request Smuggling
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating t...
CVE-2018-5702
Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...
GHSA-QQXP-XP9V-VVX6 jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
MGASA-2014-0483 Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...
DLA-0003-1 openssl - security update
Bulletin has no description...
UBUNTU-CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...
GO-2025-3595 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
DLA-3891-1 mariadb-10.5 - security update
Bulletin has no description...
RHSA-2019:2519 Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update
Bulletin has no description...
MAL-2024-4924 Malicious code in coloramas (PyPI)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
ALSA-2024:0001 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in Firefox 121, Firefo...
GHSA-4GRX-2X9W-596C Marvin Attack: potential key recovery through timing sidechannels
The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key. A recent survey of RSA implementations found that the Rust rsa...
OSV-2023-745 Heap-buffer-overflow in pcpp::SomeIpSdLayer::isDataValid
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61774 Crash type: Heap-buffer-overflow READ 4 Crash state: pcpp::SomeIpSdLayer::isDataValid pcpp::SomeIpLayer::parseSomeIpLayer pcpp::UdpLayer::parseNextLayer...
CVE-2023-2804
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...
GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
PSF-2022-11 Buffer overflow in the _sha3 module in Python 3.10 and older
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...
GHSA-MJVM-MHGC-Q4GP Incorrect parsing of EVM reversion exit reason in RPC
Impact A low severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is...
GHSA-Q98C-RQX7-7GHF Improper handling of untrusted branches in Gitea Jenkins Plugin
Jenkins Gitea Plugin prior to 1.1.2 did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...
GHSA-2259-H742-5VR4 JBoss EJB Client information disclosure vulnerability
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...
GHSA-23VV-V25H-QWQW Improper Input Validation in Apache Axis2
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
GHSA-4HXV-95RC-JQG7 nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate...
GHSA-R9VV-XJ4W-G8M8 Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...
GHSA-2V6V-Q994-XVXX Privilege escalation in beego
beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
GHSA-F5PG-7WFW-84Q9 CBC padding oracle issue in AWS S3 Crypto SDK for golang
Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...
DLA-2734-1 curl - security update
Bulletin has no description...
ASB-A-175193031
In futexsetuptimer and related functions of futex.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DSA-4937-1 apache2 - security update
Bulletin has no description...
DSA-4899-1 openjdk-11 - security update
Bulletin has no description...
PYSEC-2021-147
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
DLA-2608-1 jquery - security update
Bulletin has no description...
GHSA-XQ5J-GW7F-JGJ8 CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1 Impact ------ This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag...