908273 matches found
ALSA-2023:5869 Important: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 A AlmaLinux Security Bulletin which...
CVE-2023-39325
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
GHSA-8FXR-QFR9-P34W TorchServe Server-Side Request Forgery vulnerability
Impact Remote Server-Side Request Forgery SSRF Issue: TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and...
DLA-3592-1 jetty9 - security update
Bulletin has no description...
CVE-2023-42461 SQL injection in ITIL actors in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised...
CVE-2023-41993
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...
GHSA-38FQ-H5HC-GWV8 Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
PYSEC-2023-167
Vyper is a Pythonic Smart Contract Language. For the following probably non-exhaustive list of expressions, the compiler evaluates the arguments from right to left instead of left to right. unsafeadd, unsafesub, unsafemul, unsafediv, powmod256, |, &, ^ bitwise operators, bitwiseor deprecated,...
CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...
GHSA-GPCV-P28P-FV2P odoh-rs's Invalid Slice Split Results in Server Panic
A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients. Impact An attacker with knowledge of this vulnerability could craft and...
ASB-A-253043490
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...
ALSA-2023:4377 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipvlan: out-of-bounds write caused by unclear skb-cb CVE-2023-3090 kernel: clsflower: out-of-bounds write in flsetgeneveopt CVE-2023-35788 kernel: KVM: x86/mmu: race condition in...
RSEC-2023-2 Denial of Service (DoS) vulnerability
The readxl R package is exposed to a vulnerability owing to its underlying use of libxls library version 1.6.2. The vulnerability originates in the xlsgetWorkSheet function within xls.c in libxls. Attackers can exploit this flaw by utilizing a specially crafted XLS file, leading to a Denial of...
GHSA-G7VW-43XG-8M4H SQL injection in Liferay Portal
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
ALSA-2023:3087 Important: mysql:8.0 security, bug fix, and enhancement update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. The following packages have been upgraded to a later upstream version: mysql 8.0.32. BZ2177734, BZ2177735, BZ2177736 Security Fixes: mysql: Server:...
GHSA-XV3H-4844-9H36 HTTP Multiline Header Termination
Impact Affected versions of Laminas Diactoros accepted a single line feed LF / \n character at the end of a header name. When serializing such a header name containing a line-feed into the on-the-wire representation of a HTTP/1.x message, the resulting message would be syntactically invalid, due ...
PYSEC-2023-20
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...
GO-2023-1611 Path traversal in github.com/gookit/goutil
fsutil.Unzip is vulnerable to path traversal attacks due to improper validation of paths...
CVE-2023-23915
A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP...
GHSA-56GJ-MVH6-RP75 URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Summary Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Details Dompdf parses the href attribute of image tags with the following code: src/Image/Cache.php line 135-150 php function $parser, $name,...
GO-2022-1201 Timing attack in github.com/openshift/osin
Client secret checks are vulnerable to timing attacks, which could permit an attacker to determine client secrets...
GO-2022-1178 JWT leak in github.com/bradleyfalzon/ghinstallation
Errors returned by ghinstallation.Transport can include the JWT used for the failed operation. If the error is exposed to an untrusted party, this JWT could be extracted and used to authenticate further requests...
GHSA-3FHJ-WPVJ-X5W8 laravel-jqgrid vulnerable to SQL Injection
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is...
PYSEC-2022-42979
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data Data Amplification...
RUSTSEC-2022-0076 Bug in Wasmtime implementation of pooling instance allocator
Bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration...
RLSA-2022:7793 Moderate: rsync security and enhancement update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
RUSTSEC-2022-0083 evm incorrect state transition
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the isstatic parameter to determine if the call is executed in a static context via STATICCALL, and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
GHSA-WF7G-7H6H-678V Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
An issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOADSCRIPTS feature is disabled...
PYSEC-2022-43069
Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue...
CVE-2022-36037 Cross-site scripting (XSS) from dynamic options in the multiselect field in Kirby
kirby is a content management system CMS that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting XSS is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...
GHSA-XC4W-28G8-VQM5 Path Traversal in Gravitee API Management
HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request...
DSA-5212-1 chromium - security update
Bulletin has no description...
RLSA-2022:5564 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: race condition in perfeventopen leads to privilege escalation CVE-2022-1729 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
RUSTSEC-2022-0033 Heap memory corruption with RSA private key operation
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a...
GHSA-FF7R-7RRM-WX6W Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can...
GHSA-CMXJ-WX9V-52QR Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2022-1629 Buffer Over-read in function find_next_quote in vim/vim
Buffer Over-read in function findnextquote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution...
PYSEC-2022-193
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he captcha.validate function would return None if passed no value e.g. by submitting an having an empty form. If implementing users...
ALSA-2022:1445 Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Improper ECDSA signature verification Libraries, 8277233 CVE-2022-21449 OpenJDK: Defective secure validation in Apache Santuario Libraries, 82780...
PYSEC-2022-194
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...
GHSA-FMX4-26R3-WXPF Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Impact CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16MAX columns. The impact of this heap corruption ranges from Information...
GHSA-RGJG-66CX-5X9M Grafana Authentication Bypass
Grafana before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. Specific Go Packages Affected github.com/grafana/grafana/pkg/api...
DSA-5059-1 policykit-1 - security update
Bulletin has no description...
GHSA-WXGW-QJ99-44C2 Prototype Pollution in node-forge util.setPath API
Impact forge.util.setPath had a potential prototype pollution issue if called with untrusted keys. This API was not used by forge itself. Patches The forge.util.setPath API and related functions were removed in 0.10.0. Workarounds Don't call forge.util.setPath directly or indirectly with untruste...
CVE-2021-45960
In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...
DSA-5015-1 samba - security update
Bulletin has no description...
CVE-2021-42386
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...
DSA-4980-1 qemu - security update
Bulletin has no description...
ASB-A-169505929
In ibprctlset of bugs.c, there is a possible way to re-enable indirect branch speculation due to a permissions bypass. This could lead to local information disclosure via a Spectre v2 attack with no additional execution privileges needed. User interaction is not needed for exploitation...
DLA-2773-1 curl - security update
Bulletin has no description...