911032 matches found
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical ...
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
ALSA-2023:7065 Moderate: tomcat security and bug fix update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: Apache Commons FileUpload: FileUpload DoS with excessive parts CVE-2023-24998 tomcat: not including the secure attribute causes information disclosure CVE-2023-28708 tomcat: Fix for...
RLSA-2023:5738 Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...
BIT-2023-44388
Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to...
BIT-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default.It is recommended to upgrade to a...
PYSEC-2023-115
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
CVE-2023-36814 zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...
ALSA-2023:3708 Important: kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: use-after-free vulnerability in the perfgroupdetach function of the Linux Kernel Performance Events CVE-2023-2235 kernel: netfilte...
GHSA-P9XG-9378-CQP7 Cross-site scripting in Liferay Portal
Cross-site scripting XSS vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's 1 First Name, 2 Middle Name, 3 Last Name, ...
CVE-2023-27533
A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...
GHSA-RWMF-W63J-P7GV CairoSVG improperly processes SVG files loaded from external resources
SSRF vulnerability Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. Operating system, version and so on Linux, Debian Buster LTS core 5.10 / Parrot OS 5.1 Electro Ara, python 3.9 Tested CairoSVG version 2.6.0 Details A specially...
GHSA-PJ73-V5MW-PM9J Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. This vulnerability has been assigned the CVE identifier CVE-2023-28120. Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3 Impact ActiveSupport uses...
GHSA-P52G-CM5J-MJV4 openssl-src subject to Timing Oracle in RSA Decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...
GHSA-CVH4-CJC9-84QM owncast is vulnerable to SQL Injection
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13...
PYSEC-2022-42996
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other...
CVE-2022-45047
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD = 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys ...
GHSA-W3W9-VRF5-8MX8 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...
GHSA-J95R-86HX-XWXG Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Server-Side Request Forgery SSRF vulnerability in Rank Math SEO plugin = 1.0.95 at WordPress...
DLA-3087-1 webkit2gtk - security update
Bulletin has no description...
DLA-3065-1 linux - security update
Bulletin has no description...
GHSA-PFRX-2Q88-QQ97 Got allows a redirect to a UNIX socket
The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket...
CVE-2022-30789
A crafted NTFS image can cause a heap-based buffer overflow in ntfschecklogclientarray in NTFS-3G through 2021.8.22...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
GHSA-QCCH-9268-59JW Wildfly EJB Client causes DoS
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventually unavailable. An attacker can take advantage and cause denial of service attack and ma...
DSA-5142-1 libxml2 - security update
Bulletin has no description...
RUSTSEC-2022-0031 Panic due to improper UTF-8 indexing
When parsing untrusted rulex expressions, rulex may panic, possibly enabling a Denial of Service attack. This happens when the expression contains a multi- byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. The...
CVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...
GHSA-2GP3-6C9P-JP7W Cross site scripting in code-server
Cross-site scripting XSS vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL...
DLA-2989-1 ghostscript - security update
Bulletin has no description...
GHSA-6XP6-FMC8-PMMR Temporary Directory Hijacking Vulnerability in Keycloak
A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is ...
ALSA-2022:0892 Moderate: libarchive security update
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...
GHSA-RHQ2-3VR9-6MCR Files on the host computer can be accessed from the Gradio interface
Impact This is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces using gradio=2.5.0...
GHSA-W4FJ-CCR6-7PCP Apache NiFi Insertion of Sensitive Information into Log File
An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present...
GHSA-3W6P-8F82-GW8R Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Impact ClickHouse JDBC Bridge uses slf4j-log4j12 1.7.32, which depends on log4j 1.2.17. It allows a remote attacker to execute code on the server, if you changed default log4j configuration by adding JMSAppender and an insecure JMS broker. Patches The patch version 2.0.7 removed log4j dependency ...
PYSEC-2021-851
Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
ASB-A-143559931
In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...
DSA-5012-1 openjdk-17 - security update
Bulletin has no description...
ASB-A-204573007
In eploopcheckproc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-M43C-649M-PM48 Integer Overflow or Wraparound in OpenCV.
In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 corresponding with OpenCV-Python 3.3.0....
DSA-4979-1 mediawiki - security update
Bulletin has no description...
GHSA-HF66-R44G-P7J9 Inefficient Regular Expression Complexity in handsontable
The package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service ReDoS in Handsontable.helper.isNumeric function...
PYSEC-2021-338
Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...
RLSA-2021:3590 Moderate: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.26. BZ1996693 Security Fixes: mysql: Server: Stored Procedure multiple...
GHSA-J239-4GQG-5J54 Inadequate Encryption Strength
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...
DSA-4924-1 squid - security update
Bulletin has no description...
GHSA-3Q6F-8GRX-PR4V Cross-site scripting in jspdf
It's possible to use nested script tags in order to bypass the filtering regex...
DLA-2546-1 intel-microcode - security update
Bulletin has no description...
DLA-2538-1 mariadb-10.1 - security update
Bulletin has no description...