908024 matches found
DSA-2923-1 openjdk-7 - security update
Bulletin has no description...
DSA-2695-1 chromium-browser - several
Bulletin has no description...
DSA-2669-1 linux - several
Bulletin has no description...
DSA-2027-1 xulrunner - several vulnerabilities
Bulletin has no description...
DSA-1988-1 qt4-x11 - several vulnerabilities
Bulletin has no description...
DSA-1568-1 b2evolution - cross site scripting
Bulletin has no description...
DSA-1564-1 wordpress - several vulnerabilities
Bulletin has no description...
DSA-1503-1 kernelimage-2.4.27 - several issues
Bulletin has no description...
DSA-1406-1 horde3 - several vulnerabilities
Bulletin has no description...
DSA-1358-1 asterisk
Bulletin has no description...
DSA-1112 mysql-dfsg-4.1 - several vulnerabilities
Bulletin has no description...
DSA-1018-1 kernel-source-2.4.27 - several
Bulletin has no description...
GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...
MAL-2025-7121 Malicious code in @bmw-ds/components (npm)
The package @bmw-ds/components was found to contain malicious code...
MAL-2025-6361 Malicious code in exceljs-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 542e79c60c18aa779332620c884952b318f885c798a0ac8c2d3bf87bfad26950 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ASB-A-301470262
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-391895923
In multiple functions of DexUseManagerLocal.java, there is a possible way to crash system server due to a logic error in the code. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
BELL-CVE-2025-32728
Bulletin has no description...
BELL-CVE-2025-26465
Bulletin has no description...
ASB-A-376814212
Bulletin has no description...
ASB-A-316578327
In onClick of MainClear.java, there is a possible way to trigger factory reset without explicit user consent due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
GO-2024-3327 SiYuan has an arbitrary file read via /api/template/render in github.com/siyuan-note/siyuan/kernel
SiYuan has an arbitrary file read via /api/template/render in github.com/siyuan-note/siyuan/kernel...
ALSA-2024:10952 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: Passwordverify always return true with some hash CVE-2023-0567 php: Missing error check and insufficient random bytes in...
CVE-2024-51127
An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information...
RHSA-2023:3914 Red Hat Security Advisory: Red Hat OpenShift Enterprise security update
Bulletin has no description...
RLSA-2024:5814 Moderate: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: node-tar: denial of service while parsing a tar file due to lack of folders depth validation CVE-2024-28863 nodejs: Bypass network import...
RHSA-2013:0770 Red Hat Security Advisory: java-1.6.0-openjdk security update
Bulletin has no description...
RHSA-2019:3299 Red Hat Security Advisory: rh-php72-php security update
Bulletin has no description...
RHSA-2017:1161 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Bulletin has no description...
RHEA-2013:1032 Red Hat Enhancement Advisory: Red Hat OpenShift Enterprise 1.2 Node Release Advisory
Bulletin has no description...
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...
GO-2024-3076 Trufflehog vulnerable to Blind SSRF in some Detectors in github.com/trufflesecurity/trufflehog
Trufflehog vulnerable to Blind SSRF in some Detectors in github.com/trufflesecurity/trufflehog...
GO-2024-3078 LF Edge eKuiper has a SQL Injection in sqlKvStore in github.com/lf-edge/ekuiper
LF Edge eKuiper has a SQL Injection in sqlKvStore in github.com/lf-edge/ekuiper...
GO-2022-1248 usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos...
GO-2022-1218 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2022-0480 Node DOS by way of memory exhaustion through ExecSync request in CRI-O in github.com/cri-o/cri-o
Node DOS by way of memory exhaustion through ExecSync request in CRI-O in github.com/cri-o/cri-o...
GO-2023-1871 SpiceDB's LookupResources may return partial results in github.com/authzed/spicedb
SpiceDB's LookupResources may return partial results in github.com/authzed/spicedb...
GO-2023-1721 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator...
DSA-5729-1 apache2 - security update
Bulletin has no description...
GHSA-HH2W-P6RV-4G7W Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applications t...
BIT-APACHE-2024-38472
SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...
BIT-APACHE-2024-38473 Apache HTTP Server proxy encoding problem
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
OPENSUSE-SU-2024:11167-1 php7-7.4.24-1.1 on GA media
These are all security issues fixed in the php7-7.4.24-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:10290-1 apache2-mod_php7-7.0.14-1.4 on GA media
These are all security issues fixed in the apache2-modphp7-7.0.14-1.4 package on the GA media of openSUSE Tumbleweed...
CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
DLA-3818-1 apache2 - security update
Bulletin has no description...
ALSA-2024:3339 Important: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc: Ou...
DLA-3816-1 bind9 - security update
Bulletin has no description...
GHSA-RHXJ-GH46-JVW8 Grafana Plugin signature bypass
Today we are releasing Grafana 9.2. Alongside with new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31123 We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, latest release, also...
GO-2024-2831 ATX protocol validation problem in github.com/spacemeshos/go-spacemesh
Nodes can publish ATXs which reference the incorrect previous ATX of the Smesher that created the ATX. ATXs are expected to form a single chain from the newest to the first ATX ever published by an identity. Allowing Smeshers to reference an earlier but not the latest ATX as previous breaks this...