909089 matches found
CVE-2023-25725
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some...
DLA-3314-1 libsdl2 - security update
Bulletin has no description...
GHSA-864V-6QJ7-62QJ Issue with whitespace in JWT roles in OpenSearch
Advisory title: Issue with whitespace in JWT roles Affected versions: OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 Patched versions: OpenSearch 1.3.8 and 2.5.0 Impact: OpenSearch uses JWTs to store role claims obtained from the Identity Provider IdP when the authentication backend is SAML or OpenID...
RUSTSEC-2023-0002 git2 Rust package suppresses ssh host key checking
By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...
ALSA-2023:0110 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
GHSA-J94P-HV25-RM5G Apiman has potential permissions bypass
Impact Incorrect default permissions for certain read-only resources in the Apiman 1.5.7.Final through 2.2.3.Final in the Apiman Manager REST API allows a remote authenticated attacker to access information and resources in an Apiman Organizations they are not a member of and/or do not have...
CVE-2021-44758
Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...
PYSEC-2022-42993
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destinati...
GHSA-MJMJ-J48Q-9WG2 SnakeYaml Constructor Deserialization Remote Code Execution
Summary SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line: new Yamlnew ConstructorTestDataClass.class.loadyamlContent; Types do not have to match the types of properties in the target class. A ConstructorException is throw...
CVE-2022-23510 SQl injection in cube-js
cube-js is a headless business intelligence platform. In version 0.31.23 all authenticated Cube clients could bypass SQL row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. This issue has been resolved in version 0.31.24. Users are advised to either upgrade ...
GO-2022-1144 Excessive memory growth in net/http and golang.org/x/net/http2
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...
DLA-3230-1 jqueryui - security update
Bulletin has no description...
CVE-2022-4141 Heap-based Buffer Overflow in vim/vim
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command...
GHSA-8G2P-5PQH-5JMC .NET Information Disclosure Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...
CVE-2022-3786
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...
RUSTSEC-2022-0064 X.509 Email Address 4-byte Buffer Overflow
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
CVE-2022-3626
LibTIFF 4.4.0 has an out-of-bounds write in TIFFmemset in libtiff/tifunix.c:340 when called from processCropSelections, tools/tiffcrop.c:7619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit...
GHSA-27RF-8MJP-R363 Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are generally safe to execute. Calls to code defined inside a sandboxed script are intercepted, and various allowlists are checked to determine whether the call is to be...
GHSA-C27J-76XG-6X4F Kirby CMS vulnerable to user enumeration in the brute force protection
TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. ---- Introduction User enumeration is a type of vulnerability that allows...
DSA-5257-1 linux - security update
Bulletin has no description...
GHSA-6CVR-RVPM-9WX4 Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
SCM HttpClient Plugin 1.5 and earlier does not perform permission check in a method implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing...
DSA-5235-1 bind9 - security update
Bulletin has no description...
DSA-5227-1 libgoogle-gson-java - security update
Bulletin has no description...
ASB-A-219942275
In storeAtts of xmlparse.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DSA-5186-1 djangorestframework - security update
Bulletin has no description...
CVE-2022-34169
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
PYSEC-2022-226
The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate functio...
GHSA-F2WF-25XC-69C9 Failure to strip the Cookie header on change in host or HTTP downgrade
Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...
GHSA-R48Q-9G5R-8Q2H Authorization Bypass Through User-Controlled Key in go-restful
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...
ALSA-2022:4797 Important: maven:3.6 security update
The Apache Maven Shared Utils project aims to be an improved functional replacement for plexus-utils in Maven. Security Fixes: maven-shared-utils: Command injection via Commandline class CVE-2022-29599 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
CVE-2022-30788
A crafted NTFS image can cause a heap-based buffer overflow in ntfsmftrecalloc in NTFS-3G through 2021.8.22...
GHSA-HHMF-7RGG-GCW5 Plone SQL Injection Vulnerability
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type
Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent. Credit This vulnerability was responsibly reported by @agustingianni and the Github Security Lab...
GHSA-WJP3-4XCQ-598P Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...
DLA-2992-1 openvpn - security update
Bulletin has no description...
ASB-A-220741611
In multiple functions of ioviter.c, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege in system libraries with no additional execution privileges needed. User interaction is not needed for exploitation...
PYSEC-2022-183
Encode OSS httpx =1.0.0.beta0 is affected by improper input validation in httpx.URL, httpx.Client and some functions using httpx.URL.copywith...
GHSA-Q77Q-VX4Q-XX6Q Cross-site Scripting in org.owasp.esapi:esapi
Impact There is a potential for an XSS vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configuration file that can cause URLs with the "javascript:" scheme to NOT be sanitized. See the reference below for full details. Patches Patched in...
GHSA-4HJ2-R2PM-3HC6 Incorrect Default Permissions in CRI-O
Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...
RLSA-2022:1445 Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: Improper ECDSA signature verification Libraries, 8277233 CVE-2022-21449 OpenJDK: Defective secure validation in Apache Santuario Libraries, 82780...
GHSA-W98M-2XQG-9CVJ Remote Code Execution in paginator
There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. Impact There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate...
CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
PYSEC-2022-163
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
GHSA-MCG6-H362-CMQ5 Improper Authorization in cobbler
Impact If PAM is correctly configured and a user account is set to expired, the expired user-account is still able to successfully log into Cobbler in all places Web UI, CLI & XMLRPC-API. The same applies to user accounts with passwords set to be expired. Patches There is a patch for the latest...
GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes
Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...
GHSA-J229-2H63-RVH9 Improper Authentication for Keycloak
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application...
CVE-2022-23576 Integer overflow in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...
GHSA-VVMR-8829-6WHX CSRF token missing in Symfony
Description ----------- The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the...
PYSEC-2022-24
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...