908476 matches found
RUSTSEC-2022-0011 Miscomputation when performing AES encryption in rust-crypto
The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...
DSA-5073-1 expat - security update
Bulletin has no description...
GHSA-CH68-7CF4-35VR Limited ability to spoof SAML authentication with missing audience verification in Fleet
Impact This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider SP could reuse the SAML response to log into Fleet as a user -- only if the user has an account with the same email in Fleet, and the user signs into the malicious SP via SAML SSO...
DLA-2871-1 lxml - security update
Bulletin has no description...
ASB-A-195630721
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACTACROSSPROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...
GHSA-H73Q-5WMJ-Q8PJ Cross site scripting in datatables.net
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...
UVI-2021-1001091 mm/slub: actually fix freelist pointer vs redzoning
mm/slub: actually fix freelist pointer vs redzoning This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
DLA-2498-1 xerces-c - security update
Bulletin has no description...
ASB-A-158854097
In smpkeydistribution of smpact.cc, there are possible vulnerabilities in Cross-Transport Key Derivation due to weaknesses in the Bluetooth standard. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
RUSTSEC-2020-0075 Unexpected panic when decoding tokens
Prior to 0.10.0 it was possible to have both decoding functions panic unexpectedly, by supplying tokens with an incorrect base62 encoding. The documentation stated that an error should have been reported instead...
RLSA-2020:4847 Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
The Public Key Infrastructure PKI Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fixes: jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap:...
DSA-4774-1 linux - security update
Bulletin has no description...
DLA-2369-1 libxml2 - security update
Bulletin has no description...
ASB-A-150693748
In lockswakeupblocks of locks.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-6VWP-35W3-XPH8 Insecure Deserialization in Apache XML-RPC
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...
DLA-2211-1 log4net - security update
Bulletin has no description...
DLA-2209-1 tomcat8 - security update
Bulletin has no description...
DLA-2188-1 php5 - security update
Bulletin has no description...
GHSA-XFQH-7356-VQJJ Exposure of Sensitive Information to an Unauthorized Actor in Keycloak
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information...
DSA-4628-1 php7.0 - security update
Bulletin has no description...
DSA-4511-1 nghttp2 - security update
Bulletin has no description...
DSA-4456-1 exim4 - security update
Bulletin has no description...
PYSEC-2019-225
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...
DLA-1754-1 samba - security update
Bulletin has no description...
DSA-4410-1 openjdk-8 - security update
Bulletin has no description...
DSA-4398-1 php7.0 - security update
Bulletin has no description...
DSA-4384-1 libgd2 - security update
Bulletin has no description...
DSA-4348-1 openssl - security update
Bulletin has no description...
DSA-4308-1 linux - security update
Bulletin has no description...
DLA-1400-1 tomcat7 - security update
Bulletin has no description...
DLA-1397-1 php5 - security update
Bulletin has no description...
DLA-1326-1 php5 - security update
Bulletin has no description...
GHSA-6MQ2-37J5-W6R6 WEBrick Improper Input Validation vulnerability
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...
DSA-3999-1 wpa - security update
Bulletin has no description...
DLA-818-1 php5 - security update
Bulletin has no description...
DLA-522-1 python2.7 - security update
Bulletin has no description...
DSA-3566-1 openssl - security update
Bulletin has no description...
DSA-3142-1 eglibc - security update
Bulletin has no description...
DSA-3117-1 php5 - security update
Bulletin has no description...
DSA-2766-1 linux-2.6 - several
Bulletin has no description...
RUSTSEC-2026-0173 proc-macro-error2 is unmaintained
The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...
ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root
Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...
PYSEC-2025-186
A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...
DEBIAN-CVE-2022-49542
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfglogverbose check before calling lpfcdmpdbg In an attempt to log message 0126 with LOGTRACEEVENT, the following hard lockup call trace hangs the system. Call Trace: rawspinlockirqsave+0x32/0x40...
CGA-G8R9-VV23-F4JF
Bulletin has no description...
RHSA-2024:1141 Red Hat Security Advisory: mysql security update
Bulletin has no description...
RHSA-2018:0279 Red Hat Security Advisory: rh-mariadb100-mariadb security update
Bulletin has no description...
CVE-2024-40898
SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...
CGA-C49Q-4CQQ-XWX4
Bulletin has no description...
BIT-GITLAB-2021-39890
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above...