909148 matches found
CVE-2021-34798
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier...
GHSA-8HFJ-XRJ2-PM22 Certificate check bypass in openssl-src
The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...
UVI-2021-1001489 udf: Fix NULL pointer dereference in udf_symlink function
udf: Fix NULL pointer dereference in udfsymlink function This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
ASB-A-171705902
In fixuppistateowner of futex.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PYSEC-2021-875
The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...
DSA-4945-1 webkit2gtk - security update
Bulletin has no description...
ALSA-2021:2714 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: sizet-to-int conversion vulnerability in the filesystem layer CVE-2021-33909 kernel: race condition for removal of the HCI controller CVE-2021-32399 For more details about the security...
DLA-2713-1 linux - security update
Bulletin has no description...
PYSEC-2021-331
Pillow through 8.2.0 and PIL aka Python Imaging Library through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c...
GHSA-GQ67-PP9W-43GP Cryptographically weak CSRF tokens in Apache MyFaces
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery CSRF tokens. Due to that limitation, it is possible although difficult for an attacker ...
PSF-2021-2 ipaddress leading zeros in IPv4 address
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...
DSA-4906-1 chromium - security update
Bulletin has no description...
GO-2020-0033 Path Traversal in aahframe.work
Due to improper sanitization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read...
ASB-A-174737742
In blkdevget of blockdev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
RUSTSEC-2021-0035 `quinn` invalidly assumes the memory layout of std::net::SocketAddr
The quinn crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
ASB-A-161812320
In the AIBinderClass constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinderndk in a vulnerable way with no additional execution privileges needed. User interaction is no...
DLA-2376-1 qtbase-opensource-src - security update
Bulletin has no description...
RLSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...
DLA-2342-1 libjackson-json-java - security update
Bulletin has no description...
DSA-4707-1 mutt - security update
Bulletin has no description...
DLA-2241-1 linux - security update
Bulletin has no description...
GHSA-GG84-QGV9-W4PQ CRLF injection in httplib2
Impact Attacker controlling unescaped part of uri for httplib2.Http.request could change request headers and body, send additional hidden requests to same server. Impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping...
DSA-4643-1 python-bleach - security update
Bulletin has no description...
CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse...
PYSEC-2020-175
In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...
CVE-2019-17563
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, th...
DLA-2043-1 gdk-pixbuf - security update
Bulletin has no description...
DSA-4565-1 intel-microcode - security update
Bulletin has no description...
DSA-4563-1 webkit2gtk - security update
Bulletin has no description...
DSA-4434-1 drupal7 - security update
Bulletin has no description...
DLA-1741-1 php5 - security update
Bulletin has no description...
PYSEC-2019-193
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...
PYSEC-2019-78
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...
DSA-4387-1 openssh - security update
Bulletin has no description...
DLA-1651-1 libgd2 - security update
Bulletin has no description...
CVE-2018-1336
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86...
DLA-1446-1 intel-microcode - security update
Bulletin has no description...
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTPS. Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system's user th...
DLA-1407-1 mariadb-10.0 - security update
Bulletin has no description...
CVE-2017-17790
The lazyinitialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernelopen, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input ma...
GHSA-8C56-CPMW-89X7 Out-of-bounds read in nokogiri
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839. GitHub is notifying ...
GHSA-FHJ9-CJJH-27VM Active Record contains deserialization of arbitrary YAML
ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML...
GHSA-XGR2-V94M-RC9G activesupport in Rails vulnerable to incorrect data conversion
lib/activesupport/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication v...
CVE-2017-12611
In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack...
DSA-3981-1 linux - security update
Bulletin has no description...
DSA-3783-1 php5 - security update
Bulletin has no description...
DSA-3750-1 libphp-phpmailer - security update
Bulletin has no description...
CVE-2016-6664
mysqldsafe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when...
DLA-552-1 binutils - security update
Bulletin has no description...