907794 matches found
DSA-1534-2 iceape - regression
Bulletin has no description...
DSA-1415-1 tk8.4 - buffer overflow
Bulletin has no description...
DSA-1363-1 linux-2.6
Bulletin has no description...
DSA-1294-1 xfree86
Bulletin has no description...
DSA-1212 openssh
Bulletin has no description...
DSA-1189-1 openssh-krb5
Bulletin has no description...
DSA-1046-1 mozilla - several
Bulletin has no description...
DSA-805-1 apache2 - several
Bulletin has no description...
DSA-570-1 libpng - integer overflow
Bulletin has no description...
USN-8352-1 libreoffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
RHSA-2026:19225 Red Hat Security Advisory: kernel security update
Bulletin has no description...
GHSA-665X-PPC4-685W OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure
Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant. Summary: The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...
RHSA-2023:5809 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.2.2 Product Security and Bug Fix Update
Bulletin has no description...
PYSEC-2026-1 A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account was compromised by an attacker, who was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...
GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...
PYSEC-2025-72 After a successful phishing attack, new versions of `num2words` were published containing malware.
The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...
ASB-A-388828859
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GO-2025-3503 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...
CVE-2024-12797
Issue summary: Clients using RFC 7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...
BIT-NODE-MIN-2023-46809
Node.js versions which bundle an unpatched version of OpenSSL, or run against a dynamically linked version of OpenSSL which is unpatched, are vulnerable to the Marvin Attack (https://people.redhat.com/hkario/marvin/) if PKCS#1 v1.5 padding is allowed when performing RSA decryption using a privat...
GHSA-HVW5-3MGW-7RCF Debezium database connector has a script injection vulnerability
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
GHSA-3VPC-4P9P-47HC curl_cffi bundles a version of libcurl affected by High Severity vulnerability
Summary: curl_cffi is potentially affected by High Severity vulnerability CVE-2023-38545 in libcurl=8.5, which is not affected by this issue...
RHSA-2024:0894 Red Hat Security Advisory: mysql:8.0 security update
Bulletin has no description...
RHSA-2023:5849 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...
BIT-PYTHON-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
RHSA-2024:4352 Red Hat Security Advisory: kernel-rt security and bug fix update
Bulletin has no description...
RHSA-2022:1988 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2018:0479 Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.1 on RHEL 6
Bulletin has no description...
RHSA-2019:2343 Red Hat Security Advisory: httpd security and bug fix update
Bulletin has no description...
RHSA-2018:0275 Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2018:0268 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update
Bulletin has no description...
RHSA-2014:1765 Red Hat Security Advisory: php54-php security update
Bulletin has no description...
GO-2024-3088 memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos
memos CORS Misconfiguration in server.go GHSL-2024-034 in github.com/usememos/memos...
GO-2022-1218 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2022-1200 Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go
Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go...
GO-2022-1100 Vela Insecure Defaults in github.com/go-vela/server
Vela Insecure Defaults in github.com/go-vela/server...
GO-2022-1099 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
GO-2022-0781 Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor...
GO-2022-0500 CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge
CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge...
GO-2024-3049 memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos...
GO-2024-2987 Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper
Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper...
CVE-2024-38472
SSRF in Apache HTTP Server on Windows allows a malicious server to potentially obtain NTLM hashes via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...
MAL-2024-2074 Malicious code in demon-slayer-kimetsu-no-yaiba-to-the-swordsmith-village-online-movie-free-on-123movies (npm)
OPENSUSE-SU-2024:13707-1 dnsmasq-2.90-1.1 on GA media
These are all security issues fixed in the dnsmasq-2.90-1.1 package on the GA media of openSUSE Tumbleweed...
GO-2024-2798 Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server
Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server...
GO-2024-2764 Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher...
GO-2024-2866 Submariner Operator sets unnecessary RBAC permissions in helm charts in github.com/submariner-io/submariner-operator
Submariner Operator sets unnecessary RBAC permissions in helm charts in github.com/submariner-io/submariner-operator...
BIT-NGINX-2024-24990 NGINX HTTP/3 QUIC vulnerability
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...