921352 matches found
DSA-2298-1 apache2 - denial of service
Bulletin has no description...
DSA-2235-1 icedove - several
Bulletin has no description...
DSA-1666-1 libxml2 - several vulnerabilities
Bulletin has no description...
DSA-1638-1 openssh - denial of service
Bulletin has no description...
DSA-1636-1 linux-2.6.24 - several vulnerabilities
Bulletin has no description...
DSA-1286-1 linux-2.6
Bulletin has no description...
DSA-797-1 zsync - buffer overflow
Bulletin has no description...
DSA-312 kernel-patch-2.4.18-powerpc - several vulnerabilities
Bulletin has no description...
DSA-143 krb5 - integer overflow
Bulletin has no description...
CGA-4CM4-PXM6-X3MP
Bulletin has no description...
HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors
out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...
GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover
Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...
ASB-A-367274727
In addattr of sdpdiscovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-303227969
In allowPackageAccess of multiple files, resource exhaustion is possible when repeatedly adding allowed packages. This could lead to a local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
OESA-2025-1039 spark security update
Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...
MAL-2024-11695 Malicious code in rk-pairip (PyPI)
--- -= Per source details. Do not edit below this line.=-...
RHSA-2024:8870 Red Hat Security Advisory: kernel-rt security update
Bulletin has no description...
RHSA-2019:1529 Red Hat Security Advisory: pki-deps:10.6 security update
Bulletin has no description...
RHSA-2023:5970 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update
Bulletin has no description...
RHSA-2023:1325 Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update
Bulletin has no description...
RHSA-2020:2059 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 security update
Bulletin has no description...
RHSA-2023:2458 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:4312 Red Hat Security Advisory: openssh security update
Bulletin has no description...
CVE-2024-45409 The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector
The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in = 12.2 and 1.13.0 = 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document by the IdP can thus forge a SAML...
RUSTSEC-2024-0364 gitoxide-core does not neutralize special characters for terminals
Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...
GO-2023-1657 Answer has Guessable CAPTCHA in github.com/answerdev/answer
Answer has Guessable CAPTCHA in github.com/answerdev/answer...
GO-2023-1617 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer...
GHSA-55P7-V223-X366 IdentityServer Open Redirect vulnerability
Impact It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Affected Methods - In the...
ALSA-2024:4720 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in modproxy CVE-2024-38473 httpd: Substitution encoding issue in modrewrite CVE-2024-38474 httpd: Improper escaping of output in modrewrite CVE-2024-38475...
GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker
Insecure Variable Substitution in Vela in github.com/go-vela/worker...
GHSA-PMF3-C36M-G5CF Container escape at build time
Impact What kind of vulnerability is it? Who is impacted? Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed. Patches From @nalind cat...
BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
ASB-A-273935108
In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...
ALSA-2024:0887 Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: cmd/go: Protocol Fallback when fetching modules CVE-2023-452...
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...
GHSA-VH55-786G-WJWJ .NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NE...
ALSA-2024:0647 Moderate: rpm security update
The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...
ALSA-2024:0606 Moderate: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...
PYSEC-2024-18
Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...
PYSEC-2024-10
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...
GHSA-98G6-XH36-X2P7 Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...
ASB-A-275626001
In a2dpvendoropusdecoderdecodepacket of a2dpvendoropusdecoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ALSA-2023:7090 Moderate: libmicrohttpd security update
GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application. Security Fixes: libmicrohttpd: remote DoS CVE-2023-27371 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
DSA-5553-1 postgresql-15 - security update
Bulletin has no description...
ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...
ALSA-2023:6738 Moderate: java-21-openjdk security and bug fix update
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...
GHSA-JQ35-85CJ-FJ4P /sys/devices/virtual/powercap accessible by default to containers
Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...
GHSA-R344-XW3P-2FRJ Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part respons...
ALSA-2023:5849 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according t...
GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose
Impact This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches The original patched version for mongoose 5.3.3 did not include a fix for...