908024 matches found
DSA-1666-1 libxml2 - several vulnerabilities
Bulletin has no description...
DSA-1638-1 openssh - denial of service
Bulletin has no description...
DSA-1286-1 linux-2.6
Bulletin has no description...
DSA-797-1 zsync - buffer overflow
Bulletin has no description...
DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
Bulletin has no description...
DSA-143 krb5 - integer overflow
Bulletin has no description...
CGA-Q864-P2C3-38VR
Bulletin has no description...
BIT-PYTHON-2007-4559
Directory traversal vulnerability in the 1 extract and 2 extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. dot dot sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...
CGA-4CM4-PXM6-X3MP
Bulletin has no description...
HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors
out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...
ASB-A-303227969
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-367274727
In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
RUSTSEC-2025-0023 Broadcast channel calls clone in parallel, but does not require `Sync`
The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...
PUB-A-385736329
In n/a of n/a, there is a possible n/a due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
OESA-2025-1039 spark security update
Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...
MAL-2024-11695 Malicious code in rk-pairip (PyPI)
--- -= Per source details. Do not edit below this line.=-...
RHSA-2024:8870 Red Hat Security Advisory: kernel-rt security update
Bulletin has no description...
RHSA-2019:1529 Red Hat Security Advisory: pki-deps:10.6 security update
Bulletin has no description...
RHSA-2023:5970 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update
Bulletin has no description...
RHSA-2023:5485 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8
Bulletin has no description...
RHSA-2020:2060 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 8 security update
Bulletin has no description...
RHSA-2020:2059 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 security update
Bulletin has no description...
RHSA-2023:2458 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:4312 Red Hat Security Advisory: openssh security update
Bulletin has no description...
GHSA-M6FV-JMCG-4JFG send vulnerable to template injection that can lead to XSS
Impact passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code Patches this issue is patched in send 0.19.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
GO-2023-1657 Answer has Guessable CAPTCHA in github.com/answerdev/answer
Answer has Guessable CAPTCHA in github.com/answerdev/answer...
ALSA-2024:4720 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...
DSA-5731-1 linux - security update
Bulletin has no description...
PYSEC-2024-242
A Local File Inclusion LFI vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can...
GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker
Insecure Variable Substitution in Vela in github.com/go-vela/worker...
BIT-GIT-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...
BIT-GITLAB-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...
BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
ASB-A-273935108
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...
ALSA-2024:0887 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-452...
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...
ASB-A-297524203
In attpbuildreadbytypevaluecmd of attprotocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
PYSEC-2024-18
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
PYSEC-2024-10
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...
GHSA-98G6-XH36-X2P7 Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...
ALSA-2023:7090 Moderate: libmicrohttpd security update
GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fixes: libmicrohttpd: remote DoS CVE-2023-27371 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
DSA-5553-1 postgresql-15 - security update
Bulletin has no description...
RLSA-2023:6077 Moderate: toolbox security update
The toolbox container image can be used with Toolbox to obtain Rocky Linux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the toolbox image in the Rocky...
GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Impact The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...
ALSA-2023:6738 Moderate: java-21-openjdk security and bug fix update
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...
BIT-2021-2144
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...
BIT-2023-46119
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...
GHSA-JQ35-85CJ-FJ4P /sys/devices/virtual/powercap accessible by default to containers
Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...
BIT-2023-44309
Multiple stored cross-site scripting XSS vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked sourc...