907645 matches found
DSA-1830-1 icedove - several vulnerabilities
Bulletin has no description...
DSA-1751-1 xulrunner - several vulnerabilities
Bulletin has no description...
DSA-1568-1 b2evolution - cross site scripting
Bulletin has no description...
DSA-1504-1 kernel-image-2.6.8 - several issues
Bulletin has no description...
DSA-1479-1 linux-2.6
Bulletin has no description...
DSA-1406-1 horde3 - several vulnerabilities
Bulletin has no description...
DSA-1358-1 asterisk
Bulletin has no description...
DSA-1112 mysql-dfsg-4.1 - several vulnerabilities
Bulletin has no description...
DSA-1018-1 kernel-source-2.4.27 - several
Bulletin has no description...
RHSA-2026:22721 Red Hat Security Advisory: expat security update
Bulletin has no description...
ASB-A-373467684
In createIntentsList of PackageParser.java , there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User...
ASB-A-309407957
In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-370477460
In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...
ASB-A-331730488
In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
BELL-CVE-2025-32728
Bulletin has no description...
GHSA-QCCG-9M4Q-XFM6 DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...
BELL-CVE-2025-26465
Bulletin has no description...
BIT-GITLAB-2025-1072 Allocation of Resources Without Limits or Throttling in GitLab
A Denial of Service DoS issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...
SUSE-SU-2025:0289-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. - CVE-2024-26596: net: dsa: fix netdevpriv dereference...
GO-2024-3215 Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
RHSA-2013:0770 Red Hat Security Advisory: java-1.6.0-openjdk security update
Bulletin has no description...
RHSA-2023:2951 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2019:3299 Red Hat Security Advisory: rh-php72-php security update
Bulletin has no description...
RHSA-2017:1161 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2024:0554 Red Hat Security Advisory: kpatch-patch security update
Bulletin has no description...
CVE-2024-5435 Generation of Error Message Containing Sensitive Information in GitLab
An issue has been discovered discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration...
CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...
GO-2022-1248 usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos...
GO-2023-1552 Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer
Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer...
BIT-APACHE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
SSRF in Apache HTTP Server on Windows with modrewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...
DSA-5729-1 apache2 - security update
Bulletin has no description...
ASB-A-317048338
In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
GO-2024-2903 Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos
Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos...
SUSE-SU-2024:1983-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26921: Preserve kabi for skbuff bsc1223138. - CVE-2022-48686: Fix UAF when detecting digest errors bsc1223948. - CVE-2021-47074: Fixed memory leak in...
CGA-PM7P-QWHH-C8X2
Bulletin has no description...
ALSA-2024:3618 Moderate: kernel update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 kernel: Information disclosure in vhost/vhost.c:vhostnewmsg CVE-2024-0340 kernel: untrusted VMM can...
GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker
Insecure Variable Substitution in Vela in github.com/go-vela/worker...
GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...
CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
DLA-3818-1 apache2 - security update
Bulletin has no description...
ALSA-2024:3339 Important: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc: Ou...
RLSA-2024:2562 Important: golang security update
The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...
RLSA-2024:2551 Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
CVE-2024-34347 @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside th...
CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization
kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...
ALSA-2024:2348 Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...
ALSA-2024:1872 Important: mod_http2 security update
The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
DLA-3779-1 tomcat9 - security update
Bulletin has no description...
CVE-2023-6597
An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...
CVE-2023-28746
Information exposure through microarchitectural state after transient execution from some register files for some IntelR AtomR Processors may allow an authenticated user to potentially enable information disclosure via local access...