907332 matches found
UBUNTU-CVE-2026-55200
libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...
BIT-APACHE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...
GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)
Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...
BIT-PYTHON-2026-1299 email BytesGenerator header injection due to unquoted newlines
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...
SUSE-SU-2024:3986-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too bsc1226797. - CVE-2024-41031: mm/filemap: skip to create PMD-sized page...
RHSA-2023:6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update
Bulletin has no description...
DLA-3891-1 mariadb-10.5 - security update
Bulletin has no description...
MAL-2024-4924 Malicious code in coloramas (PyPI)
--- -= Per source details. Do not edit below this line.=-...
SUSE-SU-2024:2183-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47497: Fixed shift-out-of-bound UBSAN with byte size cells bsc1225355. - CVE-2021-47500: Fixed trigger reference couting bsc1225360. - CVE-2021-47383: Fiedx...
GHSA-H533-5V22-8VCP firebase/php-jwt: "None" Algorithm treated as valid on tokens
Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...
CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
BIT-APACHE-2022-28330 read beyond bounds in mod_isapi
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...
GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing
Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...
CVE-2023-2804
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...
DLA-3401-1 apache2 - security update
Bulletin has no description...
GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...
DLA-3222-1 node-fetch - security update
Bulletin has no description...
GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd
Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta to sync...
PSF-2022-11 Buffer overflow in the _sha3 module in Python 3.10 and older
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...
GHSA-R9VV-XJ4W-G8M8 Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...
GHSA-2V6V-Q994-XVXX Privilege escalation in beego
beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows attackers to launch symlink attacks locally...
DLA-2734-1 curl - security update
Bulletin has no description...
DSA-4937-1 apache2 - security update
Bulletin has no description...
GO-2020-0018
UUIDs generated using NewV1 and NewV4 may not read the expected number of random bytes. These UUIDs may contain a significantly smaller amount of entropy than expected, possibly leading to collisions...
DLA-2608-1 jquery - security update
Bulletin has no description...
GHSA-8H56-V53H-5HHJ Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...
DSA-4558-1 webkit2gtk - security update
Bulletin has no description...
DLA-1927-1 qemu - security update
Bulletin has no description...
DLA-1850-1 redis - security update
Bulletin has no description...
DLA-1730-1 libssh2 - security update
Bulletin has no description...
GHSA-RR3C-F55V-QHV5 Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...
GHSA-P7C9-JQHQ-VR3V Remote Code Execution in markdown-pdf
Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...
DLA-809-1 tcpdump - security update
Bulletin has no description...
DSA-3448-1 linux - security update
Bulletin has no description...
DLA-359-1 mysql-5.5 - packages as an option announcement
Bulletin has no description...
DLA-288-1 openssh - security update
Bulletin has no description...
DSA-1787-1 linux-2.6.24 - several vulnerabilities
Bulletin has no description...
BIT-TOMCAT-2020-1938
When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...
GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value
CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...
RHSA-2023:1043 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7
Bulletin has no description...
RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release
Bulletin has no description...
MAL-2024-7752 Malicious code in jfrog-ci-templates (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca6b5be5ca78626dbb231ce098412b200202572a0c8a3513b2a666e342d8004 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...
SUSE-SU-2024:2190-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds bsc1225506 - CVE-2022-48689: Fixed data-race in lruaddfn bsc1223959 - CVE-2022-48691: Fixed memory leak in...
GO-2024-2887 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...
ALSA-2024:1644 Important: grafana-pcp security and bug fix update
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloa...
BIT-GITLAB-2020-10084
GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerabilityfeedback endpoint could result in the exposure of a private project namespace...
GHSA-R68H-JHHJ-9JVM Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Impact The Validator.isValidSafeHTML method can result in false negatives where it reports some input as safe i.e., returns true, but really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...
ALSA-2023:5091 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...