905908 matches found
CVE-2023-28531
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9...
CVE-2006-20001
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool heap memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier...
BIT-ELASTICSEARCH-2023-49921
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...
GO-2023-1709 Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault
HashiCorp Vault's implementation of Shamir's secret sharing uses precomputed table lookups, and is vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a bru...
GHSA-45HX-WFHJ-473X Arbitrary code execution in H2 Console
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...
CVE-2024-22204 Whoogle Search Limited File Write vulnerability
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...
GHSA-M8P2-495H-CCMH The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
DLA-1081-1 imagemagick - security update
Bulletin has no description...
GHSA-5F2M-466J-3848 Denial of service in ASP.NET Core
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980...
BIT-GITLAB-2020-10076
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests...
BIT-GRAFANA-2024-10452
Organization admins can delete pending invites created in an organization they are not part of...
CVE-2024-21671 vantage6 username timing attack
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...
GHSA-6CR4-7C7P-P3XV Use of Hard-coded Cryptographic Key in Apache Tomcat
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret aka private key, which makes it easier for remote attackers to bypass cryptographic...
GHSA-GV7W-RQVM-QJHR Withdrawn Advisory: esbuild: Missing binary integrity verification in Deno module enables remote code execution via NPM_CONFIG_REGISTRY
Withdrawn Advisory This advisory has been withdrawn because the affected package was incorrectly identified and the actual affected package is not in a supported ecosystem. This link is maintained to preserve external references. Original Description Summary The esbuild Deno module lib/deno/mod.t...
BIT-VAULT-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have be...
GHSA-G7R4-M6W7-QQQR esbuild allows arbitrary file read when running the development server on Windows
Summary The development server contains a path traversal vulnerability on Windows when serving files from servedir. Due to the use of path.Clean which only normalizes forward-slash / separators instead of a Windows-aware path normalization function, it is possible to craft requests using...
OPENSUSE-SU-2024:12103-1 tomcat-9.0.43-8.1 on GA media
These are all security issues fixed in the tomcat-9.0.43-8.1 package on the GA media of openSUSE Tumbleweed...
DSA-3796-1 apache2 - security update
Bulletin has no description...
BIT-APACHE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE...
BIT-GITLAB-2023-5825 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to...
GHSA-5WW6-PX42-WC85 SM2 Decryption Buffer Overflow
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
BIT-GITLAB-2024-6595 Uncontrolled Search Path Element in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data...
GO-2024-2921 HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
HashiCorp Vault Incorrectly Validated JSON Web Tokens JWT Audience Claims in github.com/hashicorp/vault. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
CVE-2024-22200 vantage6-UI docker image leaks software version information
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...
GHSA-7H26-63M7-QHF2 HTML comments vulnerability allowing to execute JavaScript code
Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed comments HTML...
BIT-GITLAB-2024-10240 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project,...
GHSA-76VR-72MV-MF3Q Cross-Site Request Forgery in Apache Tomcat
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism via a request that lacks a session identifier...
DLA-3954-2 postgresql-13 - regression update
Bulletin has no description...
BIT-GITLAB-2023-5963 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators...
GO-2024-2464 Remote command execution in github.com/0xJacky/Nginx-UI
Remote command execution in github.com/0xJacky/Nginx-UI...
CVE-2023-38408
The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Code in /usr/lib is not necessarily safe for loading into ssh-agent. NOTE: this issue exists because o...
GHSA-6G8Q-QFPV-57WP CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Impact The Cake\Database\Query::limit and Cake\Database\Query::offset methods are vulnerable to SQL injection if passed un-sanitized user request data. Patches This issue has been fixed in 4.2.12, 4.3.11, 4.4.10 Workarounds Using CakePHP's Pagination library will mitigate this issue, as will...
DSA-5277-1 php7.4 - security update
Bulletin has no description...
GHSA-CFM4-QJH2-4765 Improper Verification of Cryptographic Signature in node-forge
Impact RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS1 encoded message to forge a signature when a low public exponent is being used. Patches The...
GHSA-WGRM-67XF-HHPQ PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches The patch removes the use of eval:...
BIT-GITLAB-2023-5831 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the supersidebarloggedout feature flag enabled. Affected versions with this...
BIT-APACHE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...
OSV-2021-1082 UNKNOWN READ in std::__1::__tree<std::__1::__value_type<std::__1::basic_string<char, std::__1::c
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24051 Crash type: UNKNOWN READ Crash state: std::1::tree, std::1...
ALSA-2025:3773 Important: delve and golang security update
The Go Programming Language. Security Fixes: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion CVE-2024-34156 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
GHSA-WQQ8-MQJ9-697F PrestaShop autoupgrade module ZIP archives were vulnerable from CVE-2017-9841
Impact We have identified that some autoupgrade module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported in...
DLA-2027-1 jruby - security update
Bulletin has no description...
BIT-GITLAB-2024-5469 Uncontrolled Resource Consumption in GitLab
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3 allows an attacker to crash KAS via crafted gRPC requests...
CVE-2024-23324 Envoy ext auth can be bypassed when Proxy protocol filter sets invalid UTF-8 metadata
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in...
CVE-2024-22779
Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java...
CVE-2018-14720
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity XXE attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization...
DLA-701-1 memcached - security update
Bulletin has no description...
BELL-CVE-2024-6387
Bulletin has no description...
BIT-TOMCAT-2020-11996
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive...
CVE-2023-25690
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
GHSA-HPCF-8VF9-Q4GJ jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting XSS...