921352 matches found
GHSA-P9XF-3RM3-QH2H Wildfly-Core user account mismanagement
A flaw was found in Wildfly. An incorrect JBOSSLOCALUSER challenge location when using the elytron configuration may lead to JBOSSLOCALUSER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects...
DLA-3006-1 openjdk-8 - security update
Bulletin has no description...
GHSA-5GG7-5WV8-4GCJ Undertow Request Smuggling vulnerability
It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling...
GHSA-V45R-RJ5X-HPG2 Cleartext Transmission of Sensitive Information in Apache CXF
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...
GHSA-CVX5-M8VG-VXGC Arbitrary filesystem write access from velocity.
Impact The velocity scripts is not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Now writing an attacking script in velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which...
GHSA-75P6-52G3-RQC8 Keycloak vulnerable to privilege escalation on Token Exchange feature
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the clientid of the target. This could allow a client to gain unauthorized access to...
PYSEC-2022-195
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...
GHSA-P4JG-PCCF-H82C Insecure Temporary File in SWHKD
SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...
GHSA-389P-FCHR-Q2MG Path Traversal in ImpressCMS
ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHPSESSIONUPLOADPROGRESS when the PHP installation supports...
GO-2022-0646 CBC padding oracle issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go
A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...
GHSA-6M93-343M-3JRC Cross-site Scripting in HTML2PDF
An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document...
GHSA-CXG7-84WP-8PCQ YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
YetiForceCRM is vulnerable to Business Logic Errors in the Weight of a Product since that value can be a negative number...
GHSA-23FP-FMRV-F5PX Uncontrolled Resource Consumption in strapi
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application...
RLSA-2021:4381 Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gdm 40.0, webkit2gtk3 2.32.3. BZ1909300 Security Fixes: webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution CVE-2020-13558...
CVE-2021-41158
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
CVE-2021-41103
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory...
ALSA-2021:3590 Moderate: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.26. BZ1996693 Security Fixes: mysql: Server: Stored Procedure multiple...
GHSA-F34X-8PF6-QC9C HTTP header injection in Sonatype Nexus Repository
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance...
GHSA-F865-M6CQ-J9VX ReDOS in Mpmath
A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...
DSA-4944-1 krb5 - security update
Bulletin has no description...
DSA-4921-1 nginx - security update
Bulletin has no description...
DSA-4915-1 postgresql-11 - security update
Bulletin has no description...
GO-2020-0016 Infinite loop in github.com/ulikunitz/xz
An attacker can construct a series of bytes such that calling Reader.Read on the bytes could cause an infinite loop. If parsing user supplied input, this may be used as a denial of service vector...
GO-2021-0090 Denial of service in github.com/tendermint/tendermint
Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping these signatures, they cause failure during verification. A malicious proposer can use this to force consensus failures...
DSA-4848-1 golang-1.11 - security update
Bulletin has no description...
CVE-2020-35911
An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness...
CVE-2020-28458
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...
ASB-A-147802478
In doepollctl and eploopcheckproc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-160265164
In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...
DSA-4792-1 openldap - security update
Bulletin has no description...
RLSA-2020:4670 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Rocky Enterprise Software Foundation Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa 4.8.7, softhsm...
GHSA-HGGM-JPG3-V476 RSA decryption vulnerable to Bleichenbacher timing vulnerability
RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2...
CVE-2020-25595
An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't ...
GHSA-84J7-475P-HP8V HTTP Response Splitting in Puma
In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization
Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...
DLA-1725-1 rsync - security update
Bulletin has no description...
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented...
DSA-4353-1 php7.0 - security update
Bulletin has no description...
DSA-4281-1 tomcat8 - security update
Bulletin has no description...
UBUNTU-CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive...
DSA-4259-1 ruby2.3 - security update
Bulletin has no description...
CVE-2017-7375
A flaw in libxml2 allows remote XML entity inclusion with default parser flags i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes. Depending on the context, this may expose a higher-risk attack surface in libxml2 not...
CVE-2017-15365
sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language DDL statemen...
DSA-3433-1 samba - security update
Bulletin has no description...
DLA-27-1 file - security update
Bulletin has no description...
DSA-2929-1 ruby-actionpack-3.2 - security update
Bulletin has no description...
DSA-2632-1 linux-2.6 - several vulnerabilities
Bulletin has no description...
DSA-2342-1 iceape - several
Bulletin has no description...
DSA-2336-1 ffmpeg - several
Bulletin has no description...
DSA-2264-1 linux-2.6 - several issues
Bulletin has no description...