DLA-88-1 ruby1.8 - security update
Bulletin has no description...
DSA-2873-1 file - several
Bulletin has no description...
DSA-2666-1 xen - several
Bulletin has no description...
UBUNTU-CVE-2012-5875
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept-Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP...
DSA-2301-2 rails - several
Bulletin has no description...
DSA-2338-1 moodle - several
Bulletin has no description...
DSA-2120-1 postgresql-8.3 - privilege escalation
Bulletin has no description...
DSA-1962-1 kvm - several vulnerabilities
Bulletin has no description...
DSA-1653-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
Bulletin has no description...
DSA-1494-1 linux-2.6 - privilege escalation
Bulletin has no description...
DSA-1233 kernel-source-2.6.8 - several
Bulletin has no description...
DSA-1219 texinfo
Bulletin has no description...
DSA-1192-1 mozilla
Bulletin has no description...
DSA-919-2 curl - buffer overflow
Bulletin has no description...
DSA-668-1 postgresql - privilege escalation
Bulletin has no description...
DSA-480 linux-kernel-2.4.17+2.4.18-hppa - several vulnerabilities
Bulletin has no description...
DSA-295 pptpd - buffer overflow
Bulletin has no description...
MAL-2026-6210 Malicious code in @apexcraft/nano-key (npm)
Source: amazon-inspector (c46938b3634fb4de89ddf44b765e1c766c871a40fb31c54609c1b3526074e65c) @apexcraft/nano-key advertises itself as a 12-byte sortable ID generator. README and repository metadata are copied from yiwen-ai/xid-ts, an unrelated...
OSV-2026-850 Heap-buffer-overflow in opus_repacketizer_out_range_impl
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=519646826 Crash type: Heap-buffer-overflow WRITE Crash state: opus_repacketizer_out_range_impl opus_repacketizer_out_range codecparse...
GO-2025-3930 Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve
Soft Serve vulnerable to arbitrary file writing through SSH API in github.com/charmbracelet/soft-serve...
AZL-67061 CVE-2025-9901 affecting package libsoup 3.0.4-12
A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on request headers such as language or authentication. Without this check, cached content can be...
BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
GO-2025-3505 Fleet has SAML authentication vulnerability due to improper SAML response validation in github.com/fleetdm/fleet
Fleet has SAML authentication vulnerability due to improper SAML response validation in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
SUSE-SU-2024:3984-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-41031: mm/filemap: skip to create PMD-sized...
SUSE-RU-2024:3971-1 Recommended update for mojo-parent
This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684) - Changes and Bugs fixed: Java 8 is now the minimum requirement...
MGASA-2024-0344 Updated kernel-linus packages fix security vulnerabilities
Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...
CVE-2022-49021 net: phy: fix null-ptr-deref while probe() failed
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1...
CVE-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...
DLA-3909-1 zabbix - security update
Bulletin has no description...
RHSA-2023:6171 Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update
Bulletin has no description...
RHSA-2024:7000 Red Hat Security Advisory: kernel security update
Bulletin has no description...
RHSA-2024:4831 Red Hat Security Advisory: kernel-rt security update
Bulletin has no description...
RHSA-2023:3884 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.4 security update on RHEL 8
Bulletin has no description...
CVE-2024-47177
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or...
RHSA-2019:2955 Red Hat Security Advisory: rh-nodejs8-nodejs security update
Bulletin has no description...
GHSA-RRR8-F88R-H8Q6 find-my-way has a ReDoS vulnerability in multiparametric routes
Impact: A bad regular expression is generated any time you have two parameters within a single segment, when adding a - at the end, like /:a-:b-. Patches: Update to find-my-way v8.2.2 or v9.0.1, or subsequent versions. Workarounds: No known workarounds. References: - CVE-2024-45296 - Detailed blog po...
RHSA-2023:4413 Red Hat Security Advisory: openssh security update
Bulletin has no description...
RHSA-2022:1445 Red Hat Security Advisory: java-17-openjdk security and bug fix update
Bulletin has no description...
RHSA-2020:0912 Red Hat Security Advisory: tomcat6 security update
Bulletin has no description...
RHSA-2014:0215 Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2023:3354 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Bulletin has no description...
RHSA-2022:5826 Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2020:1624 Red Hat Security Advisory: php:7.2 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2018:0271 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update
Bulletin has no description...
RHSA-2018:0583 Red Hat Security Advisory: rh-ruby22-ruby security, bug fix, and enhancement update
Bulletin has no description...
GO-2022-1261 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos
usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...
GO-2022-1217 usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos
usememos/memos makes Incorrect Use of Privileged APIs in github.com/usememos/memos...
GO-2022-1189 usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos
usememos/memos vulnerable to stored cross-site scripting (XSS) in github.com/usememos/memos...
GO-2024-3075 CVE-2024-7646 in github.com/kubernetes/ingress-nginx
CVE-2024-7646 in github.com/kubernetes/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the...
ALSA-2024:5193 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Security issues via backend applications whose response headers are malicious or exploitable (CVE-2024-38476) For more details about the security issues, including the impact,...