907959 matches found
GO-2023-2042 Arbitrary code execution via go.mod toolchain directive in cmd/go
The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...
PYSEC-2023-167
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
ASB-A-253043490
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...
ALSA-2023:4377 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: clsflower: out-of-bounds write in flsetgeneveopt CVE-2023-35788 kernel: KVM: x86/mmu: race condition in...
RSEC-2023-2 Denial of Service (DoS) vulnerability
The readxl R package is exposed to a vulnerability owing to its underlying use of libxls library version 1.6.2. The vulnerability originates in the xlsgetWorkSheet function within xls.c in libxls. Attackers can exploit this flaw by utilizing a specially crafted XLS file, leading to a Denial of...
GHSA-F44M-65H3-99VC tarteaucitron.js vulnerable to Cross-site Scripting
Cross-site Scripting XSS - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1...
GHSA-G7VW-43XG-8M4H SQL injection in Liferay Portal
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
ALSA-2023:3087 Important: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.32. BZ2177734, BZ2177735, BZ2177736 Security Fixes: mysql: Server:...
ALSA-2023:2417 Moderate: php:8.1 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.1.14. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...
GHSA-XV3H-4844-9H36 HTTP Multiline Header Termination
Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...
PYSEC-2023-20
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...
GO-2023-1546 Denial of service in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
The otelhttp package of opentelemetry-go-contrib is vulnerable to a denial-of-service attack. The otelhttp package uses the httpconv.ServerRequest function to annotate metric measurements for the http.server.requestcontentlength, http.server.responsecontentlength, and http.server.duration...
GO-2023-1568 Path traversal on Windows in path/filepath
A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative if invalid path into an absolute path could enable a directory traversal...
GHSA-56GJ-MVH6-RP75 URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Summary Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Details Dompdf parses the href attribute of image tags with the following code: src/Image/Cache.php line 135-150 php function $parser, $name,...
ALSA-2023:0339 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
GO-2022-1201 Timing attack in github.com/openshift/osin
Client secret checks are vulnerable to timing attacks, which could permit an attacker to determine client secrets...
DLA-3252-1 cacti - security update
Bulletin has no description...
GO-2022-1178 JWT leak in github.com/bradleyfalzon/ghinstallation
Errors returned by ghinstallation.Transport can include the JWT used for the failed operation. If the error is exposed to an untrusted party, this JWT could be extracted and used to authenticate further requests...
GHSA-3FHJ-WPVJ-X5W8 laravel-jqgrid vulnerable to SQL Injection
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is...
PYSEC-2022-42979
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...
RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator
Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...
CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability...
RLSA-2022:7793 Moderate: rsync security and enhancement update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
RUSTSEC-2022-0083 evm incorrect state transition
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
GHSA-WF7G-7H6H-678V Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
An issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
RLSA-2022:6449 Moderate: nodejs:16 security and bug fix update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs-ansi-regex: Regular expression denial of service ReDoS matching ANSI escape codes CVE-2021-3807 nodejs: DNS rebinding in --inspect via...
CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
GHSA-XC4W-28G8-VQM5 Path Traversal in Gravitee API Management
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
DSA-5212-1 chromium - security update
Bulletin has no description...
DLA-3073-1 webkit2gtk - security update
Bulletin has no description...
RLSA-2022:5564 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
RUSTSEC-2022-0033 Heap memory corruption with RSA private key operation
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...
DLA-3044-1 glib2.0 - security update
Bulletin has no description...
GHSA-FF7R-7RRM-WX6W Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...
GHSA-CMXJ-WX9V-52QR Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
ALSA-2022:1986 Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
CVE-2022-1629 Buffer Over-read in function find_next_quote in vim/vim
Buffer Over-read in function findnextquote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution...
PYSEC-2022-193
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he captcha.validate function would return None if passed no value e.g. by submitting an having an empty form. If implementing users...
ALSA-2022:1445 Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Improper ECDSA signature verification Libraries, 8277233 CVE-2022-21449 OpenJDK: Defective secure validation in Apache Santuario Libraries, 82780...
PYSEC-2022-194
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...
GHSA-3HJG-VC7R-RCRW Denial of Service vulnerability in @podium/layout and @podium/proxy
Impact An attacker using the Trailer header as part of the request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. Patches @podium/layout which is the main way developers/users are vulnerable to this...
DLA-2931-1 cyrus-sasl2 - security update
Bulletin has no description...
GHSA-FMX4-26R3-WXPF Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. The impact of this heap corruption ranges from Information...
GHSA-XVM2-9XVC-HX7F Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Impact Prior to xlsx-streamer 2.1.0, the XML parser that was used did not apply all the necessary settings to prevent XML Entity Expansion issues. Patches Upgrade to version 2.1.0. Workarounds No known workaround. References...
GHSA-RGJG-66CX-5X9M Grafana Authentication Bypass
Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Specific Go Packages Affected github.com/grafana/grafana/pkg/api...
DSA-5062-1 nss - security update
Bulletin has no description...
DSA-5059-1 policykit-1 - security update
Bulletin has no description...
DSA-5046-1 chromium - security update
Bulletin has no description...
GHSA-WXGW-QJ99-44C2 Prototype Pollution in node-forge util.setPath API
Impact forge.util.setPath had a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself. Patches The forge.util.setPath API and related functions were removed in 0.10.0. Workarounds Don't call forge.util.setPath directly or indirectly with untruste...