908024 matches found
DSA-3721-1 tomcat7 - security update
Bulletin has no description...
DSA-3607-1 linux - security update
Bulletin has no description...
DSA-3235-1 openjdk-7 - security update
Bulletin has no description...
DLA-165-1 eglibc - security update
Bulletin has no description...
DSA-3128-1 linux - security update
Bulletin has no description...
DSA-2989-1 apache2 - security update
Bulletin has no description...
DSA-2816-1 php5 - several
Bulletin has no description...
DSA-1845-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
DSA-1707-1 iceweasel - several vulnerabilities
Bulletin has no description...
DSA-1607-1 iceweasel - several vulnerabilities
Bulletin has no description...
DSA-1489-1 iceweasel - several vulnerabilities
Bulletin has no description...
DSA-1160 mozilla - several
Bulletin has no description...
DSA-1137-1 tiff - several vulnerabilities
Bulletin has no description...
DSA-922-1 kernel-source-2.6.8 - several
Bulletin has no description...
DSA-479 linux-kernel-2.4.18-alpha+i386+powerpc - several vulnerabilities
Bulletin has no description...
ALSA-2026:25120 Critical: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781...
CGA-Q864-P2C3-38VR
Bulletin has no description...
ASB-A-386950836
In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GO-2025-3542 LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality in github.com/mudler/LocalAI
LocalAI Cross-Site Scripting XSS vulnerability in its search functionality in github.com/mudler/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
RHSA-2024:7001 Red Hat Security Advisory: kernel-rt security update
Bulletin has no description...
RHSA-2024:5101 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2023:1044 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 8
Bulletin has no description...
RHSA-2022:8840 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
Bulletin has no description...
RHEA-2019:1119 Red Hat Enhancement Advisory: rhvm-appliance security, bug fix, and enhancement update
Bulletin has no description...
GO-2022-0517 Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd
Argo CD SSO users vulnerable to Cross-site Scripting in github.com/argoproj/argo-cd...
GO-2023-1660 Answer vulnerable to Business Logic Errors in github.com/answerdev/answer
Answer vulnerable to Business Logic Errors in github.com/answerdev/answer...
ALSA-2024:5102 Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: efivarfs: force RO when remounting if SetVariable is not supported CVE-2023-52463 kernel: tracing: Restructure traceclockglobal to...
BIT-APACHE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2024-38474
Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...
BIT-HUBBLE-UI-BACKEND-2022-29178
Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...
BIT-CILIUM-PROXY-2023-27593
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to /opt/cni/bin due to a hostPath mount of that directory in the agent pod. By replacing the CNI binary...
GO-2024-2777 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...
GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...
ALSA-2024:1334 Important: dnsmasq security update
The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof...
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
BIT-PYTHON-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodecsupport.py CJK codec tests call eval on content retrieved via HTTP...
BIT-PHP-2023-3824 Buffer overflow and overread in phar_dir_read()
In PHP version 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...
BIT-GOLANG-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 which was about the expression parameter...
CVE-2023-49805 Uptime Kuma Missing Origin Validation in WebSockets
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket with Socket.io, but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting...
GHSA-C3HF-8VGX-72RH Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 7.0 and .NET 8.0 RC2. This advisory also provides guidance on what developers can do...
GHSA-3FX3-85R4-8J3W Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 6.0, ASP.NET Core 7.0 and, ASP.NET Core 8.0 RC2. This advisory also provides guidance...
RLSA-2023:6077 Moderate: toolbox security update
The toolbox container image can be used with Toolbox to obtain Rocky Linux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the toolbox image in the Rocky...
ALSA-2023:6667 Moderate: samba security, bug fix, and enhancement update
Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. The following packages have been upgraded to a later upstream version:...
ALSA-2023:6324 Moderate: python3.11-pip security update
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index PyPI. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Security Fixes: python: tarfile...
CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
BIT-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
BIT-2023-42780
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...
BIT-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default.It is recommended to upgrade to a...
GHSA-7V4P-328V-8V5G Traefik vulnerable to HTTP/2 request causing denial of service
Impact A vulnerability CVE-2023-39325 exists in Go managing HTTP/2 requests, which impacts Traefik. This vulnerability could be exploited to cause a denial of service. References - CVE-2023-44487 - CVE-2023-39325 Patches - https://github.com/traefik/traefik/releases/tag/v2.10.5 -...