907649 matches found
DLA-2286-1 tomcat8 - security update
Bulletin has no description...
DLA-2277-1 openjpeg2 - security update
Bulletin has no description...
DSA-4695-1 firefox-esr - security update
Bulletin has no description...
DSA-4682-1 squid - security update
Bulletin has no description...
ALSA-2020:1932 Important: container-tools:rhel8 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696). For more details about the security issues, including the...
DSA-4668-1 openjdk-8 - security update
Bulletin has no description...
GHSA-7553-JR98-VX47 libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri...
CVE-2020-7059
When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
DLA-2023-1 openjdk-7 - security update
Bulletin has no description...
RLSA-2019:3735 Critical: php:7.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in env_path_info in fpm_main.c (CVE-2019-11043). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...
DSA-4509-3 apache2 - security update
Bulletin has no description...
DSA-4529-1 php7.0 - security update
Bulletin has no description...
DLA-1828-1 python-urllib3 - security update
Bulletin has no description...
ALSA-2019:1529 Important: pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037); tomcat: Insecure...
DLA-1789-1 intel-microcode - security update
Bulletin has no description...
DLA-1748-1 apache2 - security update
Bulletin has no description...
DLA-1728-1 openssh - security update
Bulletin has no description...
CVE-2018-7600
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...
GHSA-4936-RJ25-6WM6 nori contains Improper Input Validation
The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving...
DSA-3980-1 apache2 - security update
Bulletin has no description...
DLA-772-1 linux - security update
Bulletin has no description...
DSA-3738-1 tomcat7 - security update
Bulletin has no description...
DSA-3597-1 expat - security update
Bulletin has no description...
CVE-2016-2109
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding...
DSA-3486-1 chromium-browser - security update
Bulletin has no description...
DSA-3388-1 ntp - security update
Bulletin has no description...
DSA-3300-1 iceweasel - security update
Bulletin has no description...
DSA-3252-1 sqlite3 - security update
Bulletin has no description...
DSA-3195-1 php5 - security update
Bulletin has no description...
DSA-3074-1 php5 - security update
Bulletin has no description...
DLA-0008-1 openssl - security update
Bulletin has no description...
DSA-2733-1 otrs2 - SQL injection
Bulletin has no description...
DSA-2626-1 lighttpd - several issues
Bulletin has no description...
DSA-2622-1 polarssl - several
Bulletin has no description...
DSA-2340-1 postgresql - weak password hashing
Bulletin has no description...
DSA-2235-1 icedove - several
Bulletin has no description...
DSA-2154-1 exim4 - privilege escalation
Bulletin has no description...
DSA-1928-1 linux-2.6.24 - several vulnerabilities
Bulletin has no description...
DSA-1915-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
DSA-1872-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
DSA-1790-1 xpdf - multiple vulnerabilities
Bulletin has no description...
DSA-1630-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
DSA-1506-1 iceape - several vulnerabilities
Bulletin has no description...
DSA-1300-1 iceape
Bulletin has no description...
DSA-1184-2 kernel-source-2.6.8 - several vulnerabilities
Bulletin has no description...
DSA-1067-1 kernel-source-2.4.16 - several
Bulletin has no description...
DSA-1069-1 kernel-source-2.4.18 - several
Bulletin has no description...
DSA-667-1 squid - several
Bulletin has no description...
OSV-2026-823 Heap-buffer-overflow in ihevcd_fmt_conv_422sp_to_420p
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517027631 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv_422sp_to_420p ihevcd_fmt_conv ihevcd_decode...
BIT-TOMCAT-2022-25762 Response mix-up with WebSocket concurrent send and close
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...