908419 matches found
CVE-2016-2105
Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service heap memory corruption via a large amount of binary data...
DSA-3548-2 samba - regression update
Bulletin has no description...
DLA-435-1 tomcat6 - security update
Bulletin has no description...
DSA-3469-1 qemu - security update
Bulletin has no description...
DSA-3413-1 openssl - security update
Bulletin has no description...
DLA-358-1 openssl - security update
Bulletin has no description...
DLA-355-1 libxml2 - security update
Bulletin has no description...
DLA-335-1 ntp - security update
Bulletin has no description...
DSA-3351-1 chromium-browser - security update
Bulletin has no description...
DLA-284-1 apache2 - security update
Bulletin has no description...
DLA-266-1 libxml2 - security update
Bulletin has no description...
DLA-263-1 ruby1.9.1 - security update
Bulletin has no description...
DLA-246-2 linux-2.6 - security update
Bulletin has no description...
DLA-189-1 libgd2 - security update
Bulletin has no description...
DSA-3197-2 openssl - regression update
Bulletin has no description...
DLA-156-1 samba - security update
Bulletin has no description...
DLA-114-1 heirloom-mailx - security update
Bulletin has no description...
DSA-2994-1 nss - security update
Bulletin has no description...
DSA-2896-1 openssl - security update
Bulletin has no description...
UBUNTU-CVE-2011-1350
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device...
DSA-2579-1 apache2 - several
Bulletin has no description...
DSA-2458-1 iceape - several
Bulletin has no description...
DSA-2135-1 xpdf - several vulnerabilities
Bulletin has no description...
PYSEC-2010-27
Race condition in ZEO/StorageServer.py in Zope Object Database ZODB before 3.10.0 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpect...
DSA-2113-1 drupal6 - several vulnerabilities
Bulletin has no description...
DSA-2094-1 linux-2.6 - several issues
Bulletin has no description...
DSA-2053-1 linux-2.6 - several issues
Bulletin has no description...
DSA-1958-1 libtool - privilege escalation
Bulletin has no description...
DSA-1952-1 asterisk - several vulnerabilities
Bulletin has no description...
DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
Bulletin has no description...
DSA-1575-1 linux-2.6 - denial of service
Bulletin has no description...
DSA-1534-2 iceape - regression
Bulletin has no description...
DSA-1415-1 tk8.4 - buffer overflow
Bulletin has no description...
DSA-1363-1 linux-2.6
Bulletin has no description...
DSA-1294-1 xfree86
Bulletin has no description...
DSA-1212 openssh
Bulletin has no description...
DSA-1189-1 openssh-krb5
Bulletin has no description...
DSA-570-1 libpng - integer overflow
Bulletin has no description...
USN-8352-1 libreoffice vulnerability
Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...
GHSA-665X-PPC4-685W OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure
Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...
RHSA-2023:5809 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.2.2 Product Security and Bug Fix Update
Bulletin has no description...
GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations
A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...
PYSEC-2025-72 After a successful phishing attack, new versions of `num2words` were published containing malware.
The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...
ASB-A-388828859
In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-12797
Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...
BIT-NODE-MIN-2023-46809
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...
GHSA-HVW5-3MGW-7RCF Debezium database connector has a script injection vulnerability
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...
SUSE-RU-2024:3971-1 Recommended update for mojo-parent
This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets bsc1201684 - Changes and Bugs fixed: Java 8 is now the minimum requirement...
RHSA-2024:0894 Red Hat Security Advisory: mysql:8.0 security update
Bulletin has no description...
RHSA-2023:5849 Red Hat Security Advisory: nodejs:18 security update
Bulletin has no description...