907558 matches found
DLA-2539-1 firefox-esr - security update
Bulletin has no description...
ASB-A-145728687
In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
DSA-4807-1 openssl - security update
Bulletin has no description...
DSA-4796-1 thunderbird - security update
Bulletin has no description...
ALSA-2020:4659 Moderate: gd security update
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. Security Fixes: gd: Heap-based buffer overflow in gdImageColorMatch in gdcolormatch.c CVE-2019-6977 gd: NULL pointer dereference in...
DSA-4772-1 httpcomponents-client - security update
Bulletin has no description...
DLA-2388-1 nss - security update
Bulletin has no description...
DSA-4712-1 imagemagick - security update
Bulletin has no description...
PYSEC-2020-242
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks...
DSA-4676-1 salt - security update
Bulletin has no description...
CVE-2020-7226
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...
GHSA-8WX2-9Q48-VM9R RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download RFD attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from use...
DSA-4606-1 chromium - security update
Bulletin has no description...
GHSA-7XX3-M584-X994 A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Keepalive thread overload/DoS Impact A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the...
DLA-2008-1 nss - security update
Bulletin has no description...
CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files...
DLA-1919-1 linux-4.9 - security update
Bulletin has no description...
DLA-1907-1 libav - security update
Bulletin has no description...
CVE-2019-15107
An issue was discovered in Webmin =1.920. The parameter old in passwordchange.cgi contains a command injection vulnerability...
DLA-1886-1 openjdk-7 - security update
Bulletin has no description...
DSA-4431-1 libssh2 - security update
Bulletin has no description...
DLA-1743-1 thunderbird - security update
Bulletin has no description...
CVE-2019-9637
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to...
DSA-4403-1 php7.0 - security update
Bulletin has no description...
DLA-1694-1 qemu - security update
Bulletin has no description...
DSA-4395-1 chromium - security update
Bulletin has no description...
DLA-1613-1 sqlite3 - security update
Bulletin has no description...
DLA-1577-1 xen - security update
Bulletin has no description...
DLA-1359-1 ruby1.8 - security update
Bulletin has no description...
DLA-1301-1 tomcat7 - security update
Bulletin has no description...
DLA-1200-1 linux - security update
Bulletin has no description...
GHSA-Q759-HWVC-M3JG actionpack Cross-site Scripting vulnerability
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
GHSA-GPPP-5XC5-WFPX Active Record allows bypassing of database-query restrictions
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NU...
GHSA-WPW7-WXJM-CW8R actionpack allows bypass of database-query restrictions
actionpack/lib/actiondispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query...
DSA-3966-1 ruby2.3 - security update
Bulletin has no description...
DLA-1034-1 php5 - security update
Bulletin has no description...
DLA-1007-1 icedove - security update
Bulletin has no description...
DLA-993-1 linux - security update
Bulletin has no description...
DLA-958-1 libonig - security update
Bulletin has no description...
CVE-2017-9117
In LibTIFF 4.0.6 and possibly other versions, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, as demonstrated by a heap-based buffer over-read in bmp2tiff. NOTE: mentioning bmp2tiff does not imply that the...
DSA-3842-1 tomcat7 - security update
Bulletin has no description...
DLA-906-1 firefox-esr - security update
Bulletin has no description...
DLA-896-1 icedove - security update
Bulletin has no description...
CVE-2016-10158
The exifconvertanytoint function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service application crash via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1...
DLA-731-1 imagemagick - security update
Bulletin has no description...
DLA-711-1 curl - security update
Bulletin has no description...
DLA-691-1 libxml2 - security update
Bulletin has no description...
DLA-661-1 libarchive - security update
Bulletin has no description...
DLA-634-1 dropbear - security update
Bulletin has no description...
DSA-3660-1 chromium-browser - security update
Bulletin has no description...