907431 matches found
CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol that may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
GHSA-RWMF-W63J-P7GV CairoSVG improperly processes SVG files loaded from external resources
SSRF vulnerability Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9 Tested CairoSVG version 2.6.0 Details A specially...
GHSA-PJ73-V5MW-PM9J Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...
DLA-3357-1 imagemagick - security update
Bulletin has no description...
RLSA-2023:0852 Moderate: httpd:2.4 security and bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_dav: out-of-bounds read/write of zero byte CVE-2006-20001 httpd: mod_proxy_ajp: Possible request smuggling CVE-2022-36760 httpd: mod_proxy: HTTP response splitting...
DLA-3335-1 asterisk - security update
Bulletin has no description...
GHSA-P52G-CM5J-MJV4 openssl-src subject to Timing Oracle in RSA Decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...
GHSA-CVH4-CJC9-84QM owncast is vulnerable to SQL Injection
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13...
DLA-3207-1 jackson-databind - security update
Bulletin has no description...
RLSA-2022:8067 Moderate: httpd security, bug fix, and enhancement update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. The following packages have been upgraded to a later upstream version: httpd 2.4.53. BZ2079939 Security Fixes: httpd: mod_sed: Read/write beyond bounds CVE-2022-23943 httpd: mod_lua: Use of...
ALSA-2022:7647 Moderate: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: mod_sed: Read/write beyond bounds CVE-2022-23943 httpd: mod_lua: Use of uninitialized value of in r:parsebody CVE-2022-22719 httpd: core: Possible buffer overflow with very...
CVE-2022-3602
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
DLA-3164-1 python-django - security update
Bulletin has no description...
GHSA-W3W9-VRF5-8MX8 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker...
GHSA-J95R-86HX-XWXG Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Rank Math SEO plugin = 1.0.95 at WordPress...
DSA-5175-1 thunderbird - security update
Bulletin has no description...
GHSA-PFRX-2Q88-QQ97 Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket...
GHSA-F3FP-GC8G-VW66 Default inheritable capabilities for linux container should be empty
Impact A bug was found in runc where runc exec --cap executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bu...
DSA-5142-1 libxml2 - security update
Bulletin has no description...
GHSA-2GP3-6C9P-JP7W Cross site scripting in code-server
Cross-site scripting XSS vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL...
DLA-2989-1 ghostscript - security update
Bulletin has no description...
GHSA-GPRH-7767-CW39 Code Injection in Bolt CMS
Bolt CMS = 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution...
DLA-2961-1 thunderbird - security update
Bulletin has no description...
GHSA-6XP6-FMC8-PMMR Temporary Directory Hijacking Vulnerability in Keycloak
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...
ASB-A-193149550
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-856Q-XV3C-7F2F Unauthenticated control plane denial of service attack in Istio
Impact The Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the...
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is...
GHSA-RHQ2-3VR9-6MCR Files on the host computer can be accessed from the Gradio interface
Impact This is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces using gradio=2.5.0...
DLA-2891-1 golang-1.8 - security update
Bulletin has no description...
GHSA-3W6P-8F82-GW8R Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Impact ClickHouse JDBC Bridge uses slf4j-log4j12 1.7.32, which depends on log4j 1.2.17. It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker. Patches The patch version 2.0.7 removed log4j dependency ...
ASB-A-143559931
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
ALSA-2021:4396 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
RLSA-2021:4396 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
DLA-2808-1 python3.5 - security update
Bulletin has no description...
ASB-A-204573007
In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ALSA-2021:3918 Important: redis:5 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
GHSA-M43C-649M-PM48 Integer Overflow or Wraparound in OpenCV.
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 corresponding with OpenCV-Python 3.3.0....
GHSA-HF66-R44G-P7J9 Inefficient Regular Expression Complexity in handsontable
The package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service ReDoS in Handsontable.helper.isNumeric function...
RLSA-2021:3590 Moderate: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.26. BZ1996693 Security Fixes: mysql: Server: Stored Procedure multiple...
DLA-2743-1 amd64-microcode - security update
Bulletin has no description...
UVI-2021-1001487 RDMA/cma: Fix rdma_resolve_route() memory leak
RDMA/cma: Fix rdma_resolve_route() memory leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
DLA-2692-1 bluez - security update
Bulletin has no description...
DLA-2677-1 libwebp - security update
Bulletin has no description...
GHSA-3Q6F-8GRX-PR4V Cross-site scripting in jspdf
It's possible to use nested script tags in order to bypass the filtering regex...
DSA-4885-1 netty - security update
Bulletin has no description...
CVE-2021-23839
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
DLA-2546-1 intel-microcode - security update
Bulletin has no description...
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...
GHSA-VVWV-H69M-WG6F XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the xml...
DLA-1804-1 curl - security update
Bulletin has no description...