910807 matches found
GHSA-4HJ2-R2PM-3HC6 Incorrect Default Permissions in CRI-O
Impact A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve2...
RLSA-2022:1442 Important: java-11-openjdk security update
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: Defective secure validation in Apache Santuario Libraries, 8278008 CVE-2022-21476 OpenJDK: Unbounded memory allocation when compiling crafted XPa...
GHSA-W98M-2XQG-9CVJ Remote Code Execution in paginator
There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. Impact There is a vulnerability in Paginator which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate...
CVE-2022-1253 Heap-based Buffer Overflow in strukturag/libde265
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release...
CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...
CVE-2022-0778
The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
PYSEC-2022-163
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
GHSA-MCG6-H362-CMQ5 Improper Authorization in cobbler
Impact If PAM is correctly configured and a user account is set to expired, the expired user-account is still able to successfully log into Cobbler in all places Web UI, CLI & XMLRPC-API. The same applies to user accounts with passwords set to be expired. Patches There is a patch for the latest...
GHSA-CRP2-QRR5-8PQ7 containerd CRI plugin: Insecure handling of image volumes
Impact A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup...
CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes...
GHSA-J229-2H63-RVH9 Improper Authentication for Keycloak
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application...
CVE-2022-23576 Integer overflow in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...
GHSA-VVMR-8829-6WHX CSRF token missing in Symfony
Description ----------- The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the...
PYSEC-2022-24
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...
ALSA-2022:0258 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modlua: Possible buffer overflow when parsing multipart content CVE-2021-44790 For more details about the security issues, including the impact, a CVSS score, acknowledgment...
DSA-5060-1 webkit2gtk - security update
Bulletin has no description...
PYSEC-2022-9
pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...
DLA-2852-1 apache-log4j2 - security update
Bulletin has no description...
RLSA-2021:5160 Important: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 For more details about the...
GHSA-JVJP-VH27-R9H5 Cross-site Scripting in PiranhaCMS
In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution...
ALSA-2021:3816 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...
RUSTSEC-2021-0121 Non-aligned u32 read in Chacha20 encryption and decryption
The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...
CVE-2021-33193
A crafted method sent through HTTP/2 will bypass validation and be forwarded by modproxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48...
UVI-2021-1001491 mISDN: fix possible use-after-free in HFC_cleanup()
mISDN: fix possible use-after-free in HFCcleanup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
UVI-2021-1001488 wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wl1251: Fix possible buffer overflow in wl1251cmdscan This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
UVI-2021-1001483 jfs: fix GPF in diFree
jfs: fix GPF in diFree This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit 7bde24bde490f3139eee147efc6d60d6040fe975. For more...
UVI-2021-1001085 mac80211: fix deadlock in AP/VLAN handling
mac80211: fix deadlock in AP/VLAN handling This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
ALSA-2021:2570 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in net/bluetooth/hcievent.c when destroying an hcichan CVE-2021-33034 kernel: security bypass in certs/blacklist.c and certs/systemkeyring.c CVE-2020-26541 For more details...
CVE-2021-26691
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow...
GHSA-V24H-PJJV-MCP6 Denial of service in Tendermint
Description Denial of Service 1 Tendermint 0.33.2 and earlier does not limit the number of P2P connection requests. For each p2p connection, Tendermint allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated due to duplicate IP or reaching a maximum...
DLA-2635-1 libspring-java - security update
Bulletin has no description...
GO-2020-0024 Infinite loop in github.com/btcsuite/go-socks
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow...
GO-2021-0081 Insufficiently Protected Credentials in github.com/containers/image
The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials...
RUSTSEC-2021-0037 Fix a use-after-free bug in diesels Sqlite backend
We've misused sqlite3columnname. The SQLite documentation states that the following: The returned string pointer is valid until either the prepared statement is destroyed by sqlite3finalize or until the statement is automatically reprepared by the first call to sqlite3step for a particular run or...
DSA-4867-1 grub2 - security update
Bulletin has no description...
ASB-A-173516292
In bindServiceLocked of ActiveServices.java, there is a possible foreground service launch due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...
GHSA-487W-PQCM-63HQ Command injection in buns
There is a command injection vulnerability in all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function installrequestedModule...
CVE-2020-35914
An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness...
RUSTSEC-2020-0137 AtomicBox<T> lacks bound on its Send and Sync traits allowing data races
AtomicBox is a Box type designed to be used across threads, however, it implements the Send and Sync traits for all types T. This allows non-Send types such as Rc and non-Sync types such as Cell to be used across thread boundaries which can trigger undefined behavior and memory corruption...
ALSA-2020:4670 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. The following packages have been upgraded to a later upstream version: ipa 4.8.7, softhsm 2.6.0, opendnssec 2.1.6...
RLSA-2020:4451 Moderate: GNOME security, bug fix, and enhancement update
GNOME is the default desktop environment of Rocky Linux. The following packages have been upgraded to a later upstream version: gnome-remote-desktop 0.1.8, pipewire 0.3.6, vte291 0.52.4, webkit2gtk3 2.28.4, xdg-desktop-portal 1.6.0, xdg-desktop-portal-gtk 1.6.0. BZ1775345, BZ1779691, BZ1817143,...
DLA-2323-1 linux-4.19 - new package
Bulletin has no description...
GHSA-HXCC-F52P-WC94 Insecure serialization leading to RCE in serialize-javascript
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js". An object such as "foo": /1"/, "bar": "a"@R--0@" was serialized as "foo": /1"/, "bar": "a/1"/, which allows an attacker to escape the bar key. This requires...
DLA-2320-1 golang-github-seccomp-libseccomp-golang - security update
Bulletin has no description...
DSA-4693-1 drupal7 - security update
Bulletin has no description...
DSA-4691-1 pdns-recursor - security update
Bulletin has no description...
DLA-2051-1 intel-microcode - security update
Bulletin has no description...
DLA-2021-1 libav - security update
Bulletin has no description...
DLA-1919-1 linux-4.9 - security update
Bulletin has no description...
DLA-1907-1 libav - security update
Bulletin has no description...