BIT-ELASTICSEARCH-2024-23444 Elasticsearch elasticsearch-certutil csr fails to encrypt private key
It was discovered by Elastic engineering that when the elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Request, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command...
BIT-GITLAB-2023-7045 Cross-Site Request Forgery (CSRF) in GitLab
A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS)...
BIT-APACHE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0
An attacker, opening an HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in...
CVE-2023-46303
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root...
GO-2022-0969 Denial of service in net/http and golang.org/x/net/http2
HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service...
GHSA-6JHM-4VMX-MR76 SQL injection in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data...
GHSA-Q4M3-2J7H-F7XW Cross-Site Scripting in jquery
Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...
BIT-PYTHON-2021-29921
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...
OSV-2021-1069 Segv on unknown address in helper_uc_tracecode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36616. Crash type: Segv on unknown address. Crash state: helper_uc_tracecode...
CVE-2018-10756
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted torrent file...
DLA-841-2 apache2 - regression update
Bulletin has no description...
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when CLIENT SETINFO times out during connection establishment. This can happen when the client is configured to transmit its identity, there...
BIT-GITLAB-2024-4278 Incorrect Synchronization in GitLab
An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting...
BIT-NGINX-2023-44487
The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
GHSA-PF38-5P22-X6H6 Code Injection in pyload-ng
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31...
GHSA-J7C3-96RF-JRRP Critical vulnerability in log4j may affect generated PEAR projects
Impact: UIMA PEAR projects that have been generated with the de.averbis.textanalysis:pear-archetype version 2.0.0 have a maven dependency with scope test to log4j 2.8.2 and might be affected by CVE-2021-44228. Patches: The issue has been resolved in de.averbis.textanalysis:pear-archetype version...
GHSA-9WV6-86V2-598J path-to-regexp outputs backtracking regular expressions
Impact: A bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (`.`). For example, /:a-:b. Patches: For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0. These versions add backtrack protection...
GHSA-97M3-52WR-XVV2 Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary: A lack of sanitization/check in the font path returned by php-svg-lib, in the case of an inline CSS font definition, that will be used by Cpdf to open a font will be passed to a file_exists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
GHSA-Q7RV-6HP3-VH96 Improper Input Validation in guzzlehttp/psr7
Impact: Improper header parsing. An attacker could sneak in a carriage return character (`\r`) and pass untrusted values in both the header names and values. Patches: The issue is patched in 1.8.4 and 2.1.1. Workarounds: There are no known workarounds. References...
GHSA-3GX9-37WW-9QW6 Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker could make a maliciously crafted request resulting in arbitrary remote execution on the...
GHSA-36J3-XXF7-4PQG Android WebView Universal Cross-site Scripting
A universal cross-site scripting (UXSS) vulnerability, CVE-2020-6506 (https://crbug.com/1083819), has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...
GHSA-Q95H-CQRV-8JV5 ExifTool vulnerable to arbitrary code execution
Impact: Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads. Patches: ExifTool has already been patched in version 12.24. exiftool_vendored.rb, which vendors ExifTool, includes this patch in v12.25.0. Workarounds: No. References...
GHSA-FPFV-JQM9-F5JM Incorrect Comparison in NumPy
Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects...
DLA-2392-1 jruby - security update
Bulletin has no description...
GHSA-C427-HJC3-WRFW Cross-site scripting in Swagger-UI
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
BIT-REDIS-2024-31228 Denial-of-service due to unbounded pattern matching in Redis
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...
CVE-2022-42898
PAC parsing in MIT Kerberos 5 aka krb5 before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms which have a resultant heap-based buffer overflow, and cause a denial of service ...
BIT-PHP-2024-2408 PHP is vulnerable to the Marvin Attack
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
GO-2023-2153 Denial of service from HTTP/2 Rapid Reset in google.golang.org/grpc
An attacker can send HTTP/2 requests, cancel them, and send subsequent requests. This is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit, grpc.MaxConcurrentStreams. This results in a denial of...
GHSA-J646-GJ5P-P45G CefSharp affected by heap buffer overflow in WebP
Google is aware that an exploit for CVE-2023-4863 exists in the wild. Description: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical. References -...
GHSA-H376-J262-VHQ6 RCE in H2 Console
Impact: H2 Console in versions since 1.1.100 (2008-10-14) to 2.0.204 (2021-12-21) inclusive allows loading of custom classes from remote servers through JNDI. H2 Console doesn't accept remote connections by default. If remote access was enabled explicitly and some protection method such as security...
BIT-MARIADB-2023-52969
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2...
GHSA-R5FX-8R73-V86C AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation Upgrade to version 1.5.0-beta.1 or...
GHSA-FX46-WHRJ-73V5 Bypassing Sanitization using DOM clobbering in html-janitor
All versions of html-janitor are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous XSS in case user-controlled input is passed to the clean function. Recommendation: Upgrade to version 2.0.4 or later...
DSA-332 linux-kernel-2.4.17 - several vulnerabilities
Bulletin has no description...
BIT-MARIADB-2023-52968
MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 calls fix_fields_if_needed under mysql_derived_prepare when derived is not yet prepared, leading to a find_field_in_table crash...
BIT-APACHE-2021-40438 mod_proxy SSRF
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier...
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...
GHSA-4WM2-CWCF-WWVP Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Impact: The Tauri IPC is usually strictly isolated from external websites but the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowin...
GHSA-PV7H-HX5H-MGFJ Unsafe deserialization in com.alibaba:fastjson
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not...
GHSA-4VVJ-4CPR-P986 Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Summary: We discovered a DOM Clobbering vulnerability in Webpack's AutoPublicPathRuntimeModule. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are...
GHSA-QCJ6-JQRG-4WP2 Template injection in thymeleaf-spring5
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution...
OSV-2021-542 Heap-buffer-overflow in luaG_getfuncline
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32279. Crash type: Heap-buffer-overflow READ 1. Crash state: luaG_getfuncline luaG_runerror luaD_growstack...
BIT-GITLAB-2025-2469 Debug Messages Revealing Unnecessary Information in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.9.6, and 17.10 before 17.10.4. The runtime profiling data of a specific service was accessible to unauthenticated users...
BIT-GITLAB-2024-11828 Inefficient Algorithmic Complexity in GitLab
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlie...
MAL-2023-1539 Malicious code in angl-archtslint (npm)
Source: ossf-package-analysis (e5d9cbbc6608e412a429d0d62fb5d10c38aa9be4ceb86df876f1f1aaafeb52ec). The OpenSSF Package Analysis project identified 'angl-archtslint' @ 2.0.0 (npm) as malicious. It is considered malicious because: - The package...
DLA-2330-1 jruby - security update
Bulletin has no description...
DLA-841-1 apache2 - security update
Bulletin has no description...
BIT-GITLAB-2025-2408 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information...
BIT-REDIS-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...