DSA-1999-1 xulrunner - several vulnerabilities
DSA-1958-1 libtool - privilege escalation
DSA-1950-1 webkit - several vulnerabilities
DSA-1783-1 mysql-dfsg-5.0 - several vulnerabilities
DSA-1687-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
DSA-1578-1 php4 - several vulnerabilities
DSA-1415-1 tk8.4 - buffer overflow
DSA-1233 kernel-source-2.6.8 - several
DSA-1192-1 mozilla
DSA-1046-1 mozilla - several
DSA-668-1 postgresql - privilege escalation
HSEC-2023-0009 git-annex command injection via malicious SSH hostname
git-annex command injection via malicious SSH hostname. git-annex was vulnerable to the same class of security hole as git's CVE-2017-1000117. In several cases, git-annex parses a repository URL and uses it to generate an ssh command, with the hostname to ssh to coming from the URL. If the hostnam...
ASB-A-395643490
In isContentUriForOtherUser of BluetoothOppSendFileInfo.java, there is a possible cross user data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
BIT-PYTHON-2025-0938 URL parser allowed square brackets in domain names
The Python standard library functions urllib.parse.urlsplit and urlparse accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in...
SUSE-SU-2024:4367-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48853: swiotlb: fix info leak with DMA_FROM_DEVICE (bsc#1228015). - CVE-2024-26801: Bluetooth: Avoid potential use-after-free in hci_error_reset (bsc#1222413). -...
GHSA-VRJR-P3XP-XX2X phpMyFAQ Generates an Error Message Containing Sensitive Information if database server is not available
Summary: Exposure of the database (i.e. PostgreSQL) server's credentials when the connection to the DB fails. Details: Exposed database credentials upon misconfiguration/DoS. Permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.php#L694 PoC: When the PostgreSQL server is unreachable, ...
RHSA-2024:9991 Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update
CVE-2022-49021 net: phy: fix null-ptr-deref while probe() failed
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 1 PREEMPT SMP KASAN PTI CPU: 1...
SUSE-SU-2024:3587-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add nfqueuegetrefs for kabi compliance...
RHSA-2024:5067 Red Hat Security Advisory: kernel-rt security update
RHSA-2023:4413 Red Hat Security Advisory: openssh security update
RHSA-2022:1445 Red Hat Security Advisory: java-17-openjdk security and bug fix update
RHSA-2008:0261 Red Hat Security Advisory: Red Hat Network Satellite Server security update
RHSA-2023:3354 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
RHSA-2022:6753 Red Hat Security Advisory: httpd24-httpd security and bug fix update
RHSA-2022:5826 Red Hat Security Advisory: mariadb:10.5 security, bug fix, and enhancement update
RHSA-2022:1975 Red Hat Security Advisory: kernel-rt security and bug fix update
RHSA-2020:4384 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update
RHSA-2020:1624 Red Hat Security Advisory: php:7.2 security, bug fix, and enhancement update
RHSA-2022:1915 Red Hat Security Advisory: httpd:2.4 security and bug fix update
RHSA-2019:0131 Red Hat Security Advisory: Red Hat JBoss Web Server 3.1 Service Pack 6 security and bug fix update
USN-6999-1 linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency, linux-oem-6.8, linux-oracle vulnerabilities
Chenyuan Yang discovered that the CEC driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) It was discovered that the JFS file system contained an...
GO-2022-1259 usememos/memos Improper Authorization vulnerability in github.com/usememos/memos
usememos/memos Improper Authorization vulnerability in github.com/usememos/memos...
GO-2022-1248 usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos
usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos...
GO-2022-1100 Vela Insecure Defaults in github.com/go-vela/server
Vela Insecure Defaults in github.com/go-vela/server...
GO-2023-1973 Rancher Access Control Vulnerability in github.com/rancher/rancher
Rancher Access Control Vulnerability in github.com/rancher/rancher...
GO-2023-1656 Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer
Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer...
GO-2024-3045 Meshery SQL Injection vulnerability in github.com/layer5io/meshery
Meshery SQL Injection vulnerability in github.com/layer5io/meshery...
DEBIAN-CVE-2022-48852
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...
GHSA-HHWC-GH8H-9RRP Apache Wicket: Remote code execution via XSLT injection
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted source without validation. Users are recommended to upgrade to versions 10.1.0, 9.18.0 or 8.16.0, which fix this issue...
GO-2024-2483 Grafana XSS via adding a link in General feature in github.com/grafana/grafana
Grafana XSS via adding a link in General feature in github.com/grafana/grafana...
CVE-2024-5737
Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a content type and as a result default text/html is used. An attacker may embed HTML tags directly in image data which is rendered by a webpage as HTML. This issue affects AdmirorFrames: before 5.0...
CVE-2024-32111
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,...
MAL-2024-2937 Malicious code in react-router-dom-v6 (npm)
OPENSUSE-SU-2024:10344-1 apache2-mod_php5-5.6.28-1.1 on GA media
These are all security issues fixed in the apache2-mod_php5-5.6.28-1.1 package on the GA media of openSUSE Tumbleweed...
RLSA-2024:2910 Important: nodejs security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of servi...
GO-2024-2903 Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos
Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos...
BIT-ENVOY-2024-34364 Envoy OOM vector from HTTP async client with unbounded response buffer for mirror response
Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since the async HTTP client buffers the response with an unbounded buffer...
GHSA-JV32-5578-PXJC Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Today we are releasing Grafana 9.2. Alongside new features and other bug fixes, this release includes a Moderate severity security fix for CVE-2022-31130. We are also releasing security patches for Grafana 9.1.8 and Grafana 8.5.14 to fix these issues. Release 9.2, the latest release, also...
RLSA-2024:1427 Important: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...