DSA-4797-1 webkit2gtk - security update
Bulletin has no description...
DSA-4792-1 openldap - security update
Bulletin has no description...
PYSEC-2020-26
Synopsys hub-rest-api-python aka blackduck on PyPI version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases...
GHSA-G2F6-V5QH-H2MQ Nexus Repository Manager 3 - Remote Code Execution
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...
CVE-2019-18934
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with --enable-ipsecmod support, and ipsecmod is enabled and used in the configuration...
DLA-1896-1 commons-beanutils - security update
Bulletin has no description...
ALSA-2019:2511 Important: mysql:8.0 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql 8.0.17. Security Fixes: mysql: Server: Replication multiple unspecified vulnerabilities...
DLA-1570-1 mariadb-10.0 - security update
Bulletin has no description...
DLA-1445-1 busybox - security update
Bulletin has no description...
CVE-2016-9953
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...
CVE-2017-1000158
CPython aka Python up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow and possible arbitrary code execution...
DSA-3925-1 qemu - security update
Bulletin has no description...
DSA-3673-2 openssl - regression update
Bulletin has no description...
DLA-508-1 expat - security update
Bulletin has no description...
DSA-3396-1 linux - security update
Bulletin has no description...
DSA-3280-1 php5 - security update
Bulletin has no description...
DSA-3245-1 ruby1.8 - security update
Bulletin has no description...
DLA-212-1 php5 - security update
Bulletin has no description...
DLA-96-1 openjdk-6 - security update
Bulletin has no description...
DLA-17-1 tor - new upstream version
Bulletin has no description...
DSA-2929-1 ruby-actionpack-3.2 - security update
Bulletin has no description...
DSA-2774-1 gnupg2 - several
Bulletin has no description...
DSA-2465-1 php5 - several
Bulletin has no description...
DSA-2365-1 dtc - several
Bulletin has no description...
DSA-2123-1 nss - cryptographic weaknesses
Bulletin has no description...
DSA-1666-1 libxml2 - several vulnerabilities
Bulletin has no description...
DSA-1638-1 openssh - denial of service
Bulletin has no description...
DSA-1636-1 linux-2.6.24 - several vulnerabilities
Bulletin has no description...
DSA-1282-1 php4
Bulletin has no description...
DSA-816-1 xfree86 - integer overflow
Bulletin has no description...
DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
Bulletin has no description...
DEBIAN-CVE-2026-31488
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 "drm/amd/display: Add dsc pre-validation in atomic check", amdgpu resets the CRTC state modechanged flag to false when...
BIT-TOMCAT-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.18, from 9.0.0 through...
ASB-A-388828203
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-367274727
In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-387498139
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
RHSA-2019:1529 Red Hat Security Advisory: pki-deps:10.6 security update
Bulletin has no description...
RHSA-2023:1325 Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Bulletin has no description...
RHSA-2019:4126 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:1744 Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update
Bulletin has no description...
RHBA-2019:0326 Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Bulletin has no description...
RHSA-2024:4312 Red Hat Security Advisory: openssh security update
Bulletin has no description...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
GO-2023-1912 mx-chain-go's relayed transactions always increment nonce in github.com/multiversx/mx-chain-go
mx-chain-go's relayed transactions always increment nonce in github.com/multiversx/mx-chain-go...
DSA-5731-1 linux - security update
Bulletin has no description...
ALSA-2024:4211 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2020-26555 kernel: TCP-spoofed ghost ACKs and leak initial sequence number...
GO-2024-2645 Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei
Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...
CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
BIT-GIT-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...