DSA-4073-1 linux - security update
Bulletin has no description...
DLA-1157-1 openssl - security update
Bulletin has no description...
GHSA-MPXF-GCW2-PW5Q actionpack Improper Input Validation vulnerability
actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to cause a denial of service (memory consumption) via a header containing an invalid MIME type that leads to excessive caching...
DSA-4004-1 jackson-databind - security update
Bulletin has no description...
DLA-1114-1 ruby1.9.1 - security update
Bulletin has no description...
DLA-1099-1 linux - security update
Bulletin has no description...
DSA-3927-1 linux - security update
Bulletin has no description...
DLA-1024-1 nginx - security update
Bulletin has no description...
DSA-3896-1 apache2 - security update
Bulletin has no description...
DSA-3886-1 linux - security update
Bulletin has no description...
CVE-2017-8923
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use ...
DLA-670-1 linux - security update
Bulletin has no description...
DSA-3510-1 iceweasel - security update
Bulletin has no description...
DLA-421-1 openssl - security update
Bulletin has no description...
DSA-3471-1 qemu - security update
Bulletin has no description...
DLA-307-1 php5 - security update
Bulletin has no description...
DLA-246-1 linux-2.6 - security update
Bulletin has no description...
DSA-3187-1 icu - security update
Bulletin has no description...
DSA-3125-1 openssl - security update
Bulletin has no description...
DSA-2943-1 php5 - security update
Bulletin has no description...
UBUNTU-CVE-2013-7039
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header...
DSA-2266-1 php5 - several
Bulletin has no description...
DSA-2025-1 icedove - several vulnerabilities
Bulletin has no description...
DSA-1378-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
DSA-380 xfree86 - buffer overflows, denial of service
Bulletin has no description...
GHSA-C2P3-7M5P-CV8X Symfony hardened the parser when handling untrusted input
Description Symfony\Component\Yaml\Parser is the entry point for parsing YAML strings into PHP values via Yaml::parse. When the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline Inline::parseSequence /...
MAL-2025-191211 Malicious code in @dev-blinq/blinqioclient (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3a1d417e283165e25dc75c9510f4bcdde80854ca5600090b4de220548e72ae1 The package @dev-blinq/blinqioclient was found to contain malicious code. Source: google-open-source-security...
DEBIAN-CVE-2025-43433
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption...
BIT-PYTHON-2024-8088 Infinite loop when iterating over zip archive entry names from zipfile.Path
There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive for example, methods of "zipfile.Path" like "namelist", "iterdir", etc...
CVE-2025-31672
Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In this cas...
RHSA-2025:0648 Red Hat Security Advisory: OpenShift Container Platform 4.15.44 security update
Bulletin has no description...
CVE-2024-50264 vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved ...
CVE-2024-10977
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
RHSA-2023:6583 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2022:7683 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2018:0279 Red Hat Security Advisory: rh-mariadb100-mariadb security update
Bulletin has no description...
RUSTSEC-2024-0368 olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
GO-2022-0350 Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli
Code injection in Stripe CLI on windows in github.com/stripe/stripe-cli...
GHSA-9794-PC4R-438W Local File Inclusion in Solara
A Local File Inclusion (LFI) vulnerability was identified in widgetti/solara, in version 1.35.1, which was fixed in version 1.35.1. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../' when serving static files. ...
CVE-2024-39905 Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...
CVE-2024-39894
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...
DSA-5724-1 openssh - security update
Bulletin has no description...
GO-2024-2729 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
ALSA-2024:2950 Moderate: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to t...
RLSA-2024:1786 Important: httpd:2.4/mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316) For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
GHSA-VJWG-28GV-PM8H Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Impact The TinyMCE Bundle uses tinymce version 6.7.3. CVEs for this version exist, fixed in 6.8.1: https://nvd.nist.gov/vuln/detail/CVE-2024-29203 https://nvd.nist.gov/vuln/detail/CVE-2024-29881 Patches The package should be updated to at least 6.8.1 to avoid the XSS vulnerability. Workarounds Upgrade...
RLSA-2024:1614 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096) kernel: Out of boundary write in perf_read_group as result of...
CVE-2023-38709
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58...
BIT-PYTHON-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to...
BIT-NGINX-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...