905977 matches found
DSA-5067-1 ruby2.7 - security update
Bulletin has no description...
GHSA-GHGJ-3XQR-6JFM Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
The exception handling code in Eclipse Jetty prior to 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak...
CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...
GHSA-2CWJ-8CHV-9PP9 XML External Entity attack in log4net
Apache log4net before 2.0.10 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users...
BIT-APACHE-2022-28615 Read beyond bounds in ap_strcmp_match()
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in apstrcmpmatch when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use...
CVE-2024-23341 TuiTse-TsuSin html injection vulnerability in `tuitse_html` function
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitsehtml without quoting the input, there is a html...
CVE-2022-2477
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page...
BIT-GITLAB-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...
CVE-2024-1947 Improper Handling of Highly Compressed Data (Data Amplification) in GitLab
A denial of service DoS condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls...
CVE-2024-2874 Allocation of Resources Without Limits or Throttling in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources...
BIT-GITLAB-2020-10078
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability...
DLA-2184-1 jsch - security update
Bulletin has no description...
RHSA-2018:3249 Red Hat Security Advisory: setup security and bug fix update
Bulletin has no description...
CVE-2024-21653 vantage6 insecure SSH configuration for node and server containers
The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning FL and Multi-Party Computation MPC. Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not expose...
DLA-2715-1 systemd - security update
Bulletin has no description...
CVE-2023-6502 Inefficient Regular Expression Complexity in GitLab
A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...
CVE-2024-5258 Authorization Bypass Through User-Controlled Key in GitLab
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic...
GHSA-V923-W3X8-WH69 Passport vulnerable to session regeneration when a users logs in or out
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed...
DLA-1811-1 miniupnpd - security update
Bulletin has no description...
CVE-2024-4835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A XSS condition exists within GitLab in versions 15.11 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this condition, an attacker can craft a malicious page to exfiltrate sensitive user information...
CVE-2024-23820 OpenFGA DoS
OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to ListObjects may not release memory properly. So when a sufficiently high number of those calls are executed, t...
PYSEC-2022-10
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method...
GHSA-GMC6-FWG3-75M5 Mimekit has vulnerable dependency that can lead to denial of service
Summary Denial of service vulnerability. Details See: https://github.com/advisories/GHSA-447r-wph3-92pm and https://github.com/dotnet/announcements/issues/312 PoC Update System.Security.Cryptography.Pkcs to 8.0.1 so that the transitive dependency with the issue gets updated Impact Denial of servi...
BIT-GITLAB-2020-10080
GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group...
CVE-2024-38475
Improper escaping of output in modrewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure...
CVE-2023-7045 Cross-Site Request Forgery (CSRF) in GitLab
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server KAS...
CVE-2018-19059
An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts...
BIT-GITLAB-2024-1816 Uncontrolled Resource Consumption in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 12.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows for an attacker to cause a denial of service using a crafted OpenAPI file...
BIT-TOMCAT-2020-13934
An h2c direct connection to Apache Tomcat 10.0.0 to 10.0.0, 9.0.0 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service...
CVE-2024-23822 Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22)
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as...
CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes...
DSA-5699-1 redmine - security update
Bulletin has no description...
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-24019
A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list...
BIT-GITLAB-2020-10079
GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required...
MAL-2024-10225 Malicious code in mobileye-8-connect (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis e7b3a006f16102113625364a266a513016fe138d66a4008fc548e6df97c1a9a8 The OpenSSF Package Analysis project identified 'mobileye-8-connect' @ 7.7.8 npm as malicious. It is considered malicious because: - The package...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
GHSA-4FC4-4P5G-6W89 Cross-site Scripting in CKEditor4
Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. Impact A potential vulnerability has been discovered in CKEditor 4 HTML processing core module. The vulnerability allowed to inject malformed HTML bypassing...
BIT-HAPROXY-2024-49214
QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...
BIT-GITLAB-2024-5257 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Developer user with admincomplianceframework custom role may have been able to modify the URL for a group namespace...
BIT-GITLAB-2024-5470 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...
PYSEC-2024-48
Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service ReDoS via the lineswithleadingtabsexpanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting thi...
BIT-GITLAB-2021-22241
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name...
PYSEC-2021-73
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory...
CVE-2020-15227
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework...
DLA-3153-1 libksba - security update
Bulletin has no description...
GHSA-87HQ-Q4GP-9WR4 react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
Summary If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches This patch forces isEvalSupported to false, removing...
GHSA-3V6V-2X6P-32MC pgadmin4 vulnerable to Code Injection
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
GHSA-6HRG-QMVC-2XH8 joblib vulnerable to arbitrary code execution
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the predispatch flag in Parallel class due to the eval statement...
OSV-2021-958 Dynamic-stack-buffer-overflow in mdb_numeric_to_string
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972 Crash type: Dynamic-stack-buffer-overflow WRITE 16 Crash state: mdbnumerictostring mdbxferbounddata mdbattemptbind...