GHSA-52RG-HPWQ-QP56 Allocation of Resources Without Limits or Throttling in Keycloak
A vulnerability was found in Keycloak before 11.0.1 where a DoS attack is possible by sending twenty requests simultaneously to the specified Keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body...
DSA-5012-1 openjdk-17 - security update
CVE-2021-41158
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
CVE-2021-41103
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...
DSA-4979-1 mediawiki - security update
GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
GHSA-F865-M6CQ-J9VX ReDOS in Mpmath
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...
DSA-4944-1 krb5 - security update
DSA-4924-1 squid - security update
DSA-4921-1 nginx - security update
DSA-4915-1 postgresql-11 - security update
GO-2020-0016 Infinite loop in github.com/ulikunitz/xz
An attacker can construct a series of bytes such that calling Reader.Read on the bytes could cause an infinite loop. If parsing user supplied input, this may be used as a denial of service vector...
DSA-4848-1 golang-1.11 - security update
DLA-2538-1 mariadb-10.1 - security update
CVE-2020-28458
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...
ASB-A-160265164
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2020-25595
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...
DSA-4719-1 php7.3 - security update
GHSA-84J7-475P-HP8V HTTP Response Splitting in Puma
In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters, i.e. CR, LF or \r, \n, to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
DSA-4627-1 webkit2gtk - security update
DSA-4626-1 php7.3 - security update
DSA-4621-1 openjdk-8 - security update
DSA-4603-1 thunderbird - security update
RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization
Affected versions of this crate used recursion for serialization of HTML DOM trees. This allows an attacker to cause an abort due to a stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...
DSA-4422-1 apache2 - security update
DLA-1725-1 rsync - security update
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented)...
DSA-4355-1 openssl1.0 - security update
DSA-4353-1 php7.0 - security update
DSA-4281-1 tomcat8 - security update
DSA-4120-1 linux - security update
DSA-3954-1 openjdk-7 - security update
DLA-483-1 expat - security update
DLA-165-1 eglibc - security update
DSA-3128-1 linux - security update
DSA-2989-1 apache2 - security update
DSA-2929-1 ruby-actionpack-3.2 - security update
DSA-2632-1 linux-2.6 - several vulnerabilities
DSA-2264-1 linux-2.6 - several issues
DSA-2195-1 php5 - several
DSA-1861-1 libxml - several issues
DSA-1707-1 iceweasel - several vulnerabilities
DSA-1704-1 xulrunner - several vulnerabilities
DSA-1607-1 iceweasel - several vulnerabilities
DSA-1603-1 bind9 - cache poisoning
DSA-1592-1 linux-2.6 - overflow conditions
DSA-1392-1 xulrunner - several vulnerabilities
DSA-921-1 kernel-source-2.4.27 - several
DSA-607-1 xfree86 - several
DSA-486 cvs - several vulnerabilities