908463 matches found
DSA-1069-1 kernel-source-2.4.18 - several
Bulletin has no description...
DSA-816-1 xfree86 - integer overflow
Bulletin has no description...
DSA-667-1 squid - several
Bulletin has no description...
GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover
Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...
CGA-8X4G-GPPR-MXJC
Bulletin has no description...
BIT-TOMCAT-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.18, from 9.0.0 through...
ASB-A-387498139
In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-388828203
In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
RHSA-2023:1325 Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Bulletin has no description...
RHSA-2019:4126 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:1744 Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update
Bulletin has no description...
RHBA-2019:0326 Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update
Bulletin has no description...
GO-2022-1259 usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
usememos/memos Improper Authorization vulnerability in github.com/usememos/memos...
GO-2022-0964 SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo
SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo...
GO-2023-1542 Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings
Pterodactyl Wings contains UNIX Symbolic Link Symlink Following in github.com/pterodactyl/wings...
DSA-5742-1 odoo - security update
Bulletin has no description...
ALSA-2024:4211 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2020-26555 kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number...
MAL-2024-3288 Malicious code in updated-tricks-roblox-robux-generator-2023-de-asw3er2 (npm)
--- -= Per source details. Do not edit below this line.=-...
GO-2024-2775 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax
IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...
GO-2024-2636 1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel
1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel...
DSA-5703-1 linux - security update
Bulletin has no description...
ASB-A-321941232
In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...
ALSA-2024:3345 Important: .NET 8.0 security update
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5...
RLSA-2024:2562 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...
GHSA-MP76-7W5V-PR75 TurboBoost Commands vulnerable to arbitrary method invocation
Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...
BIT-WORDPRESS-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...
BIT-POSTGRESQL-2020-25695
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...
BIT-POSTGRESQL-2021-23214
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...
BIT-POSTGRESQL-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL
Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...
BIT-GIT-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server
Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...
BIT-DJANGO-2023-43665
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...
GHSA-VH55-786G-WJWJ .NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NE...
ALSA-2024:0647 Moderate: rpm security update
The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...
ALSA-2024:0606 Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...
PYSEC-2024-21
A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...
ALSA-2024:0474 Moderate: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...
CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing
Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...
CVE-2023-51384
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...
CVE-2023-49935
An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...
ASB-A-268724205
In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
GHSA-RQ42-58QF-V3QX LibreNMS vulnerable to rate limiting bypass on login page
Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...
GHSA-5CVX-CWPX-9RJH Moodle Code Injection vulnerability
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...
ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...
BIT-2020-2574
Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
ASB-A-274006187
Bulletin has no description...
BIT-2023-42497
Reflected cross-site scripting XSS vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the...
BIT-2023-43814
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...
ALSA-2023:5989 Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...