907431 matches found
GHSA-W5M8-5V9M-XHX5 Critical severity vulnerability that affects Haraka
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection...
DLA-1608-1 php5 - security update
Bulletin has no description...
DLA-1389-1 apache2 - security update
Bulletin has no description...
GHSA-PR3R-4WRP-R2PV ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
DSA-3739-1 tomcat8 - security update
Bulletin has no description...
DSA-3673-1 openssl - security update
Bulletin has no description...
DLA-456-1 openssl - security update
Bulletin has no description...
DSA-3313-1 linux - security update
Bulletin has no description...
DLA-247-1 openssl - security update
Bulletin has no description...
DSA-3198-1 php5 - security update
Bulletin has no description...
DSA-2926-1 linux - security update
Bulletin has no description...
DSA-2911-1 icedove - security update
Bulletin has no description...
DSA-2003-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
DSA-1800-1 linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
DSA-1103 kernel-source-2.6.8 - several vulnerabilities
Bulletin has no description...
DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities
Bulletin has no description...
MAL-2026-5315 Malicious code in ensmallen (PyPI)
Per source details. Source: kam193 f844af5d6142ffdd36c3697ff26feabb3d79b6f75e5ac403d2ade6460023e04c. Versions 0.8.101 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...
MGASA-2026-0130 Updated perl-Gazelle packages fix security vulnerability
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. CVE-2026-40562...
CGA-9C65-97PV-F3RG
Bulletin has no description...
BIT-NGINX-2025-53859 NGINX ngx_mail_smtp_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
SUSE-SU-2024:3985-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556). - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment (bsc#1231893). - CVE-2022-48957:...
RHSA-2023:5979 Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update
Bulletin has no description...
CGA-PFMC-9PXP-XX2W
Bulletin has no description...
GO-2022-1032 Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package in github.com/cloudflare/goflow
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package in github.com/cloudflare/goflow...
GO-2023-1577 Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd...
GO-2024-3058 Gorush uses deprecated TLS versions in github.com/appleboy/gorush
An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version...
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
ALSA-2024:4620 Important: libndp security update
Libndp is a library used by NetworkManager that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fixes: libndp: buffer overflow in route information length field (CVE-2024-5564). For more details about...
ALSA-2024:4563 Important: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: RangeCheckElimination array index overflow (8323231) (CVE-2024-21147); OpenJDK: potential UTF8 size overflow (8314794) (CVE-2024-21131); OpenJDK: Excessiv...
BIT-APACHE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
GO-2024-2902 Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd...
CGA-XWXC-6M8M-G938
Bulletin has no description...
GHSA-4W54-WWC9-X62C Silverpeas authentication bypass
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...
RLSA-2024:1688 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809); nodejs: reading unprocessed HTT...
BIT-PHP-2020-7059 OOB read in php_strip_tags_ex
When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
BIT-NODE-2023-30585
A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...
GHSA-M4PQ-FV2W-6HRW Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary: A maliciously crafted permission request can show a spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details: In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against YAML. The bug is caused by snakeyaml (https://nvd.nist.gov/vuln/detail/CVE-2022-1471). Apache Submarine uses JAX-RS to define REST endpoints. In order to handle YAML requests using the application/yaml content-type, it defin...
DSA-5550-1 cacti - security update
Bulletin has no description...
GHSA-5PR3-M5HM-9956 WPS Server Side Request Forgery vulnerability
Summary: The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. Details: This vulnerability requires: the WPS extension to be installed; the WPS security setting...
RLSA-2023:5738 Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)...
GO-2023-2095 Arbitrary code execution during build via line directives in cmd/go
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
CVE-2023-4504
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...
MAL-2023-1011 Malicious code in docusaurus-template (npm)
Per source details. Source: ghsa-malware 051d35253b6ae2ef5d7366a3879b1783f91c35cc5fa1346198db3d6326e0e589. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PYSEC-2023-115
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
ALSA-2023:1670 Important: httpd and mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...