DSA-4410-1 openjdk-8 - security update
DSA-4384-1 libgd2 - security update
GHSA-MQ8P-H798-XCRP Exposure of Sensitive Information in Hadoop
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...
DSA-4266-1 linux - security update
DSA-4018-1 openssl - security update
DSA-3860-1 samba - security update
CVE-2016-10187
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript...
DSA-3804-1 linux - security update
DLA-779-1 tomcat7 - security update
DSA-3696-1 linux - security update
DLA-486-1 imagemagick - security update
DSA-3060-1 linux - security update
DSA-2583-1 iceweasel - several
DSA-1655-1 linux-2.6.24 - several vulnerabilities
DSA-1305-1 icedove - several vulnerabilities
RUSTSEC-2026-0173 proc-macro-error2 is unmaintained
The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error (see RUSTSEC-2024-0370). Both the original crate and this fork are now unmaintained...
EEF-CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
Summary: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value...
BIT-TOMCAT-2024-24549 Apache Tomcat: HTTP/2 header handling DoS
Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been...
RHSA-2024:0777 Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
RHSA-2024:5102 Red Hat Security Advisory: kernel-rt security update
GO-2023-2085 Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server in github.com/argoproj/argo-cd
CVE-2024-39573
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
MAL-2024-6694 Malicious code in assembla-cli (RubyGems)
MAL-2024-5024 Malicious code in cxcxcx (PyPI)
OPENSUSE-SU-2024:12948-1 ungoogled-chromium-113.0.5672.92-1.1 on GA media
These are all security issues fixed in the ungoogled-chromium-113.0.5672.92-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-46218
This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...
ALSA-2023:7139 Moderate: samba security, bug fix, and enhancement update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...
ALSA-2023:6659 Moderate: python3.9 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high-level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
DLA-3638-1 h2o - security update
CVE-2023-46301
iTerm2 before 3.4.20 allows potentially remote code execution because of mishandling of certain escape sequences related to upload...
ALSA-2023:5749 Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...
GHSA-4374-P667-P6C8 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
PYSEC-2023-83
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...
GHSA-R97Q-GHCH-82J9 Ghost vulnerable to information disclosure of private API fields
Impact: Due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are...
DSA-5358-1 asterisk - security update
GHSA-J2H2-G882-X9J2 Deserialization of Untrusted Data in thinkphp
thinkphp 6.0.0 through 6.0.13 and 6.1.0 through 6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload...
DLA-3295-1 node-moment - security update
DSA-5298-1 cacti - security update
CVE-2022-32221
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
GHSA-6263-X97C-C4GG matrix-js-sdk subject to impersonated messages due to permissive key forwarding
Impact: An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too...
DSA-5242-1 maven-shared-utils - security update
PYSEC-2022-288
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel class due to the eval statement...
DLA-3120-1 poppler - security update
MAL-2022-6974 Malicious code in vscode-clangd (npm)
Source: ghsa-malware b3e05ac1fabef54ef34176e9d555cb6e63b3dfbc2241cf304ab6a1b8b3cd2cc9. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DLA-3085-1 curl - security update
DSA-5207-1 linux - security update
DSA-5199-1 xorg-server - security update
MAL-2022-2913 Malicious code in example-typescript (npm)
Source: ghsa-malware 67077359006aa50f08c2757c83cc757f06c0b0817b3beb029ce4f6e823236c03. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-R58R-74GX-6WX3 Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
GHSA-CRJR-9RC5-GHW8 Nokogiri Inefficient Regular Expression Complexity
Summary: Nokogiri = 1.13.4. Severity: The Nokogiri maintainers have evaluated this as High Severity (7.5 CVSS 3.1). References: CWE-1333 Inefficient Regular Expression Complexity. Credit: This vulnerability was reported by HackerOne user oooooooq ななおく...