909148 matches found
RXSA-2023:1566 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: stack overflow in doprocdointvec and procskipspaces CVE-2022-4378 ALSA: pcm: Move rwsem lock inside sndctlelemread to prevent UAF CVE-2023-0266 kernel: FUSE filesystem low-privileged user...
DLA-3389-1 lldpd - security update
Bulletin has no description...
GHSA-33PV-VCGH-JFG9 Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Impact A memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a fi...
ASB-A-231985227
In factoryReset of WifiServiceImpl.java, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to local non-security issues across resets with no additional execution privileges needed. User interaction is not needed for exploitation...
GO-2023-1611 Path traversal in github.com/gookit/goutil
fsutil.Unzip is vulnerable to path traversal attacks due to improper validation of paths...
DLA-3288-1 curl - security update
Bulletin has no description...
GHSA-V3CG-7R9H-R2G6 Field-level security issue with .keyword fields in OpenSearch
Advisory title: Field-level security issue with .keyword fields Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: There is an issue in the implementation of field-level security FLS and field masking where rules written to explicitly...
ALSA-2023:0333 Moderate: curl security update
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fixes: curl: POST following PUT confusion CVE-2022-32221 For more details about the security issues, including the impact, a CVSS...
GO-2022-1114 ZipSlip when unzipping files in github.com/duke-git/lancet
A ZipSlip vulnerability exists when using the fileutil package to unzip files...
PYSEC-2022-42996
MPXJ is an open source library to read and write project plans from a variety of file formats and databases. On Unix-like operating systems not Windows or macos, MPXJ's use of File.createTempFile.. results in temporary files being created with the permissions -rw-r--r--. This means that any other...
CVE-2022-23824
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure...
GHSA-236J-RFX5-WQ38 OpenCart SQL injection vulnerability
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background...
DLA-3173-1 linux-5.10 - security update
Bulletin has no description...
DSA-5244-1 chromium - security update
Bulletin has no description...
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
GO-2022-0603 Panic in gopkg.in/yaml.v3
An issue in the Unmarshal function can cause a program to panic when attempting to deserialize invalid input...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
GHSA-2JX3-5J9V-PRPP BlockWishList SQL Injection vulnerability
Impact An authenticated customer can perform SQL injection Patches Issue is fixed in 2.1.1...
CVE-2022-1664
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction ca...
CVE-2022-26945
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0...
CVE-2022-22978
In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with . in the regular expression are possibly vulnerable to an...
DLA-3006-1 openjdk-8 - security update
Bulletin has no description...
GHSA-5GG7-5WV8-4GCJ Undertow Request Smuggling vulnerability
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling...
GHSA-75P6-52G3-RQC8 Keycloak vulnerable to privilege escalation on Token Exchange feature
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
PYSEC-2022-195
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
GO-2022-0646 CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...
GHSA-52RG-HPWQ-QP56 Allocation of Resources Without Limits or Throttling in Keycloak
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body...
CVE-2021-41158
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
CVE-2021-41103
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...
GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
GHSA-F865-M6CQ-J9VX ReDOS in Mpmath
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...
DSA-4944-1 krb5 - security update
Bulletin has no description...
DSA-4921-1 nginx - security update
Bulletin has no description...
DSA-4915-1 postgresql-11 - security update
Bulletin has no description...
GO-2020-0016 Infinite loop in github.com/ulikunitz/xz
An attacker can construct a series of bytes such that calling Reader.Read on the bytes could cause an infinite loop. If parsing user supplied input, this may be used as a denial of service vector...
GO-2021-0090 Denial of service in github.com/tendermint/tendermint
Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping these signatures, they cause failure during verification. A malicious proposer can use this to force consensus failures...
GHSA-JPCM-4485-69P7 Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
Impact The com.bmuschko:gradle-vagrant-plugin Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. Patch...
DSA-4848-1 golang-1.11 - security update
Bulletin has no description...
CVE-2020-28458
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...
ASB-A-160265164
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...
RLSA-2020:4670 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa 4.8.7, softhsm...
GHSA-HGGM-JPG3-V476 RSA decryption vulnerable to Bleichenbacher timing vulnerability
RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...
CVE-2020-25595
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...
GHSA-84J7-475P-HP8V HTTP Response Splitting in Puma
In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
DSA-4627-1 webkit2gtk - security update
Bulletin has no description...
RUSTSEC-2019-0006 Buffer overflow and format vulnerabilities in functions exposed without unsafe
ncurses exposes functions from the ncurses library which: - Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow. instr, mvwinstr, etc - Passes rust &str to strings expecting C format arguments, allowing hostile input to execute a...
RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization
Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...
DLA-1725-1 rsync - security update
Bulletin has no description...
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
DSA-4353-1 php7.0 - security update
Bulletin has no description...