908024 matches found
DSA-2094-1 linux-2.6 - several issues
Bulletin has no description...
DSA-2053-1 linux-2.6 - several issues
Bulletin has no description...
DSA-1958-1 libtool - privilege escalation
Bulletin has no description...
DSA-1952-1 asterisk - several vulnerabilities
Bulletin has no description...
DSA-1864-1 linux-2.6.24 - privilege escalation
Bulletin has no description...
DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
Bulletin has no description...
DSA-1575-1 linux-2.6 - denial of service
Bulletin has no description...
DSA-1534-2 iceape - regression
Bulletin has no description...
DSA-1415-1 tk8.4 - buffer overflow
Bulletin has no description...
DSA-1363-1 linux-2.6
Bulletin has no description...
DSA-1294-1 xfree86
Bulletin has no description...
DSA-1212 openssh
Bulletin has no description...
DSA-1189-1 openssh-krb5
Bulletin has no description...
DSA-805-1 apache2 - several
Bulletin has no description...
DSA-570-1 libpng - integer overflow
Bulletin has no description...
OSV-2026-850 Heap-buffer-overflow in opus_repacketizer_out_range_impl
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519646826 Crash type: Heap-buffer-overflow WRITE Crash state: opusrepacketizeroutrangeimpl opusrepacketizeroutrange codecparse...
USN-8352-1 libreoffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
GHSA-665X-PPC4-685W OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure
Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...
RHSA-2023:5809 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.2.2 Product Security and Bug Fix Update
Bulletin has no description...
PYSEC-2026-1 A single post-release of dydx-v4-client contained obfuscated multi-stage loader
A PyPI user account compromised by an attacker and was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...
GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...
PYSEC-2025-72 After a successful phishing attack, new versions of `num2words` were published containing malware.
The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...
ASB-A-388828859
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GO-2025-3505 Fleet has SAML authentication vulnerability due to improper SAML response validation in github.com/fleetdm/fleet
Fleet has SAML authentication vulnerability due to improper SAML response validation in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2024-12797
Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...
BIT-NODE-MIN-2023-46809
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...
GHSA-HVW5-3MGW-7RCF Debezium database connector has a script injection vulnerability
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
SUSE-RU-2024:3971-1 Recommended update for mojo-parent
This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...
MGASA-2024-0344 Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
RHSA-2024:0894 Red Hat Security Advisory: mysql:8.0 security update
Bulletin has no description...
RHSA-2023:5849 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...
CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...
BIT-PYTHON-2022-45061
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...
RHSA-2023:6171 Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update
Bulletin has no description...
RHSA-2024:7000 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2024:4352 Red Hat Security Advisory: kernel-rt security and bug fix update
Bulletin has no description...
RHSA-2022:1445 Red Hat Security Advisory: java-17-openjdk security and bug fix update
Bulletin has no description...
RHSA-2022:1988 Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2020:0912 Red Hat Security Advisory: tomcat6 security update
Bulletin has no description...
RHSA-2018:0479 Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.1 on RHEL 6
Bulletin has no description...
RHSA-2019:2343 Red Hat Security Advisory: httpd security and bug fix update
Bulletin has no description...
RHSA-2018:0275 Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2018:0268 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update
Bulletin has no description...
GO-2022-1217 usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos...
GO-2022-1200 Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go
Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go...
GO-2022-1100 Vela Insecure Defaults in github.com/go-vela/server
Vela Insecure Defaults in github.com/go-vela/server...
GO-2022-1099 OpenFGA Authorization Bypass in github.com/openfga/openfga
OpenFGA Authorization Bypass in github.com/openfga/openfga...
GO-2022-0781 Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor
Harbor is vulnerable to a limited Server-Side Request Forgery SSRF CVE-2020-13788 in github.com/goharbor/harbor...
GO-2022-0500 CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge
CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge...
GO-2023-2084 OpenFGA Vulnerable to DoS from circular relationship definitions in github.com/openfga/openfga
OpenFGA Vulnerable to DoS from circular relationship definitions in github.com/openfga/openfga...