908024 matches found
RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release
Bulletin has no description...
GO-2022-1208 gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server
gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server...
GO-2022-0298 Command injection in gh-ost in github.com/github/gh-ost
Command injection in gh-ost in github.com/github/gh-ost...
ALSA-2024:4312 Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Possible remote code execution due to a race condition in signal handling...
CVE-2024-6387
A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...
SUSE-SU-2024:2190-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds bsc1225506 - CVE-2022-48689: Fixed data-race in lruaddfn bsc1223959 - CVE-2022-48691: Fixed memory leak in...
GO-2024-2887 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip
The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...
CVE-2023-50230
BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...
GHSA-2XP3-57P7-QF4V xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/sec-CoreValidation. As such, without additional validation steps, the default configuration allows a...
BIT-CODEIGNITER-2022-39284
CodeIgniter is a PHP full-stack web framework. In versions prior to 4.2.7 setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. As a result cookie values are erroneously exposed to scripts. It should be noted that this vulnerability does...
ALSA-2023:5091 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...
PYSEC-2023-133
Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...
ALSA-2023:2167 Moderate: grafana security and enhancement update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...
PYSEC-2022-43002
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2...
GHSA-WW2V-FRV5-PJ5X Joplin is vulnerable to arbitrary code execution
Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...
MAL-2022-275 Malicious code in @flameshot/fetlife-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8bbca4a9cd0a35a35928860188f38aa877f6edfa6b4eb2b65c110d2d83990bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-6GJJ-C5MJ-4CVP Improper Input Validation in Apache Tomcat
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL...
GHSA-5CQM-CRXM-6QPV Buffer overrun in CGI.escape_html
A buffer overrun vulnerability was discovered in CGI.escapehtml. This can lead to a buffer overflow when a user passes a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows...
ASB-A-180745296
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-2GHC-6V89-PW9J body-parser-xml vulnerable to Prototype Pollution
body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...
UVI-2021-1001147 CWE-89 in Secure Remote Access (SRA) version 8.x, 9.0.0.9-26sv and earlier
SonicWall is aware of improper neutralization of a SQL Command leading to SQL Injection vulnerability, reported by CrowdStrike, impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware or an old version of firmware 9.x 9.0.0.9-26sv or...
GHSA-P9W3-GWC2-CR49 HTTP Request Smuggling in Undertow
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...
DSA-4701-1 intel-microcode - security update
Bulletin has no description...
GHSA-2P68-F74V-9WC6 ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...
UBUNTU-CVE-2017-11145
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelibmeridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parsedate.c out-of-bounds reads affecting the...
DSA-3344-1 php5 - security update
Bulletin has no description...
DSA-2399-1 php5 - several
Bulletin has no description...
DSA-1940-1 php5 - multiple issues
Bulletin has no description...
DSA-1621-1 icedove - several vulnerabilities
Bulletin has no description...
DSA-1535-1 iceweasel
Bulletin has no description...
DSA-1339-1 iceape - several
Bulletin has no description...
DSA-1304 kernel-source-2.6.8 - several
Bulletin has no description...
RHSA-2026:18683 Red Hat Security Advisory: libssh security update
Bulletin has no description...
RHSA-2023:5967 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update
Bulletin has no description...
OPENSUSE-SU-2024:10438-1 freetype2-devel-2.7-1.1 on GA media
These are all security issues fixed in the freetype2-devel-2.7-1.1 package on the GA media of openSUSE Tumbleweed...
GHSA-5PGG-2G8V-P4X9 SheetJS Regular Expression Denial of Service (ReDoS)
SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS. A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.20.2 can be downloaded via https://cdn.sheetjs.com...
BIT-APACHE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
ALSA-2023:7077 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tun: avoid double free in tunfreenetdev CVE-2022-4744 kernel: net/sched: multiple vulnerabilities CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208...
CVE-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
RSEC-2023-8 Denial of Service (DoS) vulnerabilities
cmark-gfm, GitHub's extended version of the CommonMark library in C, suffers from multiple vulnerabilities affecting versions prior to 0.29.0.gfm.12. Various issues, including polynomial time complexity in multiple components like autolink extension, handleclosebracket, and parsing of certain tex...
DSA-5514-1 glibc - security update
Bulletin has no description...
GHSA-RQ5C-HVW6-8PR7 Improper log output when using GitHub Status Notifications in spinnaker
Impact ONLY IMPACTS those use GitHub Status Notifications Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the...
DSA-5474-1 intel-microcode - security update
Bulletin has no description...
CVE-2023-28450
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020...
CVE-2023-26033 Gentoo soko contains DoS attack based on SQL Injection
Gentoo soko is the code that powers packages.gentoo.org. Versions prior to 1.0.1 are vulnerable to SQL Injection, leading to a Denial of Service. If the user selects in user preferences the "Recently Visited Packages" view for the index page, the value of the searchhistory cookie is used as a...
GHSA-6RRR-78XP-5JP8 Zitadel RefreshToken invalidation vulnerability
Impact RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtai...
DSA-5281-1 nginx - security update
Bulletin has no description...
CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...