907431 matches found
ALSA-2021:1578 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362); kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811); kernel: use-after-free caused by a...
ASB-A-175451802
In tiocspgrp of tty_jobctrl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DLA-2638-1 jackson-databind - security update
Bulletin has no description...
DSA-4875-1 openssl - security update
Bulletin has no description...
ASB-A-169505740
In speculationctrlupdate of process.c, there is a possible way to disable Speculative Store Bypass Disable due to a logic error, which allows for side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction i...
GHSA-JPHG-QWRW-7W9G Unsafe object creation in json RubyGem
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269/GHSA-x457-cw4h-hq5f, but does not rely on poor garbage-collection behavior within Ruby. Specificall...
DSA-4553-1 php7.3 - security update
Bulletin has no description...
DSA-4549-1 firefox-esr - security update
Bulletin has no description...
DLA-1862-1 linux - security update
Bulletin has no description...
DLA-1813-1 php5 - security update
Bulletin has no description...
DLA-1715-1 linux-4.9 - security update
Bulletin has no description...
GHSA-3RMV-2PG5-XVQJ Spring Framework has Improperly Implemented Security Check for Standard
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...
DSA-4240-1 php7.0 - security update
Bulletin has no description...
DSA-4081-1 php5 - security update
Bulletin has no description...
DSA-4080-1 php7.0 - security update
Bulletin has no description...
DLA-1157-1 openssl - security update
Bulletin has no description...
GHSA-FH39-V733-MXFR Active Record vulnerable to SQL Injection via nested query parameters
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...
GHSA-MPXF-GCW2-PW5Q actionpack Improper Input Validation vulnerability
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching...
DSA-4004-1 jackson-databind - security update
Bulletin has no description...
DLA-1099-1 linux - security update
Bulletin has no description...
DLA-1073-1 openjdk-7 - security update
Bulletin has no description...
DSA-3927-1 linux - security update
Bulletin has no description...
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use ...
DLA-670-1 linux - security update
Bulletin has no description...
DLA-533-1 php5 - security update
Bulletin has no description...
DSA-3510-1 iceweasel - security update
Bulletin has no description...
DSA-3471-1 qemu - security update
Bulletin has no description...
DSA-3364-1 linux - security update
Bulletin has no description...
DSA-3362-1 qemu-kvm - security update
Bulletin has no description...
DLA-246-1 linux-2.6 - security update
Bulletin has no description...
DLA-71-1 apache2 - security update
Bulletin has no description...
DLA-66-1 apache2 - security update
Bulletin has no description...
DSA-2928-1 linux-2.6 - security update
Bulletin has no description...
DSA-2266-1 php5 - several
Bulletin has no description...
DSA-2025-1 icedove - several vulnerabilities
Bulletin has no description...
DSA-1956-1 xulrunner - several vulnerabilities
Bulletin has no description...
DSA-1694-1 xterm - remote code execution
Bulletin has no description...
DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
CVE-2025-31672
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...
RHSA-2025:0648 Red Hat Security Advisory: OpenShift Container Platform 4.15.44 security update
Bulletin has no description...
GO-2024-3305 Moby Race Condition vulnerability in github.com/moby/moby
Moby Race Condition vulnerability in github.com/moby/moby...
CVE-2024-50264 vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved ...
BIT-PYTHON-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is...
RHSA-2018:2927 Red Hat Security Advisory: Satellite 6.4 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:7637 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update
Bulletin has no description...
SUSE-SU-2024:2381-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47191: Fix out-of-bound read in resp_readcap16() (bsc#1222866). - CVE-2021-47267: usb: fix...
CVE-2024-38473
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
DSA-5724-1 openssh - security update
Bulletin has no description...
GHSA-MWC7-64WG-PGVJ NiceGUI allows potential access to local file system
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...
ALSA-2024:1607 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096); kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931); kernel: GS...