DLA-2692-1 bluez - security update
Bulletin has no description...
DLA-2677-1 libwebp - security update
Bulletin has no description...
GHSA-3Q6F-8GRX-PR4V Cross-site scripting in jspdf
It's possible to use nested script tags in order to bypass the filtering regex...
DSA-4885-1 netty - security update
Bulletin has no description...
CVE-2021-23839
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
DLA-2546-1 intel-microcode - security update
Bulletin has no description...
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...
GHSA-VVWV-H69M-WG6F XXE in PHPSpreadsheet due to incomplete fix for previous encoding issue
PHPOffice PhpSpreadsheet before 1.8.0 has an XXE issue. The XmlScanner decodes the sheet1.xml from an .xlsx to utf-8 if something else than UTF-8 is declared in the header. This was a security measurement to prevent CVE-2018-19277 but the fix is not sufficient. By double-encoding the xml...
DLA-1804-1 curl - security update
Bulletin has no description...
DLA-1762-1 systemd - security update
Bulletin has no description...
DLA-1638-1 libjpeg-turbo - security update
Bulletin has no description...
CVE-2018-20676
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute...
DLA-1423-1 linux-4.9 - security update
Bulletin has no description...
SUSE-SU-2018:1886-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2018-12882: exif_read_from_impl allowed attackers to trigger a use-after-free (in exif_read_from_file) because it closed a stream that it is not responsible for closing (bsc#1099098)...
DSA-4161-1 python-django - security update
Bulletin has no description...
DLA-1325-1 drupal7 - security update
Bulletin has no description...
DLA-1317-1 net-snmp - security update
Bulletin has no description...
DSA-4082-1 linux - security update
Bulletin has no description...
GHSA-PCHC-949F-53M5 Improper Input Validation in multi_xml
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involvin...
GHSA-JMGW-6VJG-JJWG actionpack Improper Input Validation vulnerability
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a...
DLA-1009-1 apache2 - security update
Bulletin has no description...
DLA-842-1 qemu-kvm - security update
Bulletin has no description...
DLA-753-1 tomcat7 - security update
Bulletin has no description...
DSA-3607-1 linux - security update
Bulletin has no description...
DSA-3500-1 openssl - security update
Bulletin has no description...
DSA-3235-1 openjdk-7 - security update
Bulletin has no description...
DSA-3223-1 ntp - security update
Bulletin has no description...
DSA-3064-1 php5 - security update
Bulletin has no description...
DSA-2974-1 php5 - security update
Bulletin has no description...
DSA-2912-1 openjdk-6 - security update
Bulletin has no description...
DSA-2816-1 php5 - several
Bulletin has no description...
DSA-2604-1 rails - insufficient input validation
Bulletin has no description...
DSA-1845-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
DSA-1571-1 openssl - predictable random number generator
Bulletin has no description...
DSA-1489-1 iceweasel - several vulnerabilities
Bulletin has no description...
DSA-1338-1 iceweasel
Bulletin has no description...
DSA-1160 mozilla - several
Bulletin has no description...
DSA-1137-1 tiff - several vulnerabilities
Bulletin has no description...
DSA-1118 mozilla - several
Bulletin has no description...
DSA-922-1 kernel-source-2.6.8 - several
Bulletin has no description...
DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
Bulletin has no description...
RHSA-2026:14823 Red Hat Security Advisory: kernel security update
Bulletin has no description...
ASB-A-386950836
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
RHSA-2024:7001 Red Hat Security Advisory: kernel-rt security update
Bulletin has no description...
RHSA-2024:5101 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2023:1044 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8
Bulletin has no description...
RHSA-2022:8840 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Bulletin has no description...
RHSA-2023:6535 Red Hat Security Advisory: webkit2gtk3 security, bug fix, and enhancement update
Bulletin has no description...
ALSA-2024:5102 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463); kernel: tracing: Restructure trace_clock_global to...
BIT-APACHE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...