909148 matches found
GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Impact The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...
ASB-A-274006187
Bulletin has no description...
CVE-2023-46301
iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to upload...
BIT-2023-42780
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...
ALSA-2023:5749 Important: .NET 7.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 7.0 to SDK 7.0.112 and Runtime 7.0.12...
GHSA-4374-P667-P6C8 HTTP/2 rapid reset can cause excessive work in net/http
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
CVE-2023-36478 HTTP/2 HPACK integer overflow and buffer allocation
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in MetaDataBuilder.checkSize allows for HTTP/2 HPACK header values to exceed their size limit. MetaDataBuilder.java determines if a...
GO-2023-2052 IsFromLocal local address check can be circumvented in github.com/gofiber/fiber/v2
The Ctx.IsFromLocal function can incorrectly report a request as being sent from localhost when the request contains an X-Forwarded-For header containing a localhost IP address...
PYSEC-2023-83
Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette...
GHSA-R97Q-GHCH-82J9 Ghost vulnerable to information disclosure of private API fields
Impact Due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. GhostPro has already been patched. We can find no evidence that the issue was exploited on GhostPro prior to the patch being added. Self-hosters are...
ASB-A-234442700
In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
DLA-3346-1 python-werkzeug - security update
Bulletin has no description...
DSA-5358-1 asterisk - security update
Bulletin has no description...
DLA-3295-1 node-moment - security update
Bulletin has no description...
CVE-2022-32221
When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...
ASB-A-205130886
In createPresentationContext of Presentation.java, there is a possible way to start a foreground activity from background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
GHSA-6263-X97C-C4GG matrix-js-sdk subject to impersonated messages due to permissive key forwarding
Impact An attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too...
PYSEC-2022-288
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
DLA-3085-1 curl - security update
Bulletin has no description...
DSA-5199-1 xorg-server - security update
Bulletin has no description...
GHSA-FMMQ-J7PQ-F85C JRuby denial of service via Hash Collision
JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains a hash table, as demonstrated by a universal...
GHSA-R58R-74GX-6WX3 Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
GHSA-CRJR-9RC5-GHW8 Nokogiri Inefficient Regular Expression Complexity
Summary Nokogiri = 1.13.4. Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.1. References CWE-1333 Inefficient Regular Expression Complexity Credit This vulnerability was reported by HackerOne user oooooooq ななおく...
DLA-2919-1 python2.7 - security update
Bulletin has no description...
GHSA-9FP7-4FJM-Q3MF Prototype Pollution in keyget
The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix to CVE-2020-28272...
GHSA-77RM-9X9H-XJ3G Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers
Withdrawn Advisory This advisory has been withdrawn because the protobuf vulnerability comes from the compiler rather that the code. This link is maintained to preserve external references. Original Description Nullptr dereference when a null char is present in a proto symbol. The symbol is parse...
DSA-5018-1 python-babel - security update
Bulletin has no description...
GHSA-WMPV-C2JP-J2XG ERC1155Supply vulnerability in OpenZeppelin Contracts
When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of...
DLA-2814-1 openjdk-8 - security update
Bulletin has no description...
CVE-2021-42013
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default...
DSA-4978-1 linux - security update
Bulletin has no description...
DLA-2692-1 bluez - security update
Bulletin has no description...
GHSA-29QJ-RVV6-QRMV Cross-site scripting in RESTEasy
A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...
CVE-2021-29614
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...
ASB-A-175451802
In tiocspgrp of ttyjobctrl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DSA-4882-1 openjpeg2 - security update
Bulletin has no description...
DLA-2604-1 dnsmasq - security update
Bulletin has no description...
ASB-A-170658976
In fillthreadcoreinfo of binfmtelf.c, there is a possible leak of kernel heap memory due to uninitialized data. This could lead to local information disclosure to an application core dump with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-169505740
In speculationctrlupdate of process.c, there is a possible way to disable Speculative Store Bypass Disable due to a logic error, which allows for side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction i...
DLA-2492-1 openssl - security update
Bulletin has no description...
RUSTSEC-2020-0081 `mio` invalidly assumes the memory layout of std::net::SocketAddr
The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
RUSTSEC-2020-0072 GenericMutexGuard allows data races of non-Sync types across threads
GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...
GHSA-82RF-Q3PR-4F6P Sensitive data exposure in NATS
Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...
DSA-4739-1 webkit2gtk - security update
Bulletin has no description...
ASB-A-156071259
In usbsgcancel of message.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DSA-4727-1 tomcat9 - security update
Bulletin has no description...
DSA-4717-1 php7.0 - security update
Bulletin has no description...
GHSA-334P-WV2M-W3VP Denial of service in Apache Xerces2
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...
DSA-4699-1 linux - security update
Bulletin has no description...
DLA-2135-1 jackson-databind - security update
Bulletin has no description...