CVE-2021-28693
xen/arm: Boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the...
UVI-2021-1001090 net: bridge: fix vlan tunnel dst refcnt when egressing
net: bridge: fix vlan tunnel dst refcnt when egressing. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
RLSA-2021:2570 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034); kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541). For more details...
GHSA-7JR6-PRV4-5WF5 Duplicate Advisory: Helm passes repository credentials to alternate domain
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-56hp-xqp3-w2jf. This link is maintained to preserve external references. Original Description: Helm is a tool for managing Charts (packages of pre-configured Kubernetes resources). In versions of helm prior to 3.6....
ASB-A-174886838
In smp_process_pairing_public_key of smp_act.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...
ASB-A-173843328
In hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
OSV-2021-777 Heap-use-after-free in xmlAddNextSibling
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461 Crash type: Heap-use-after-free READ 4 Crash state: xmlAddNextSibling xmlXIncludeCopyRange xmlXIncludeCopyXPointer...
RLSA-2021:1581 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
CVE-2021-29488
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround,...
CVE-2021-22208
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update...
DLA-2650-1 exim4 - security update
Bulletin has no description...
DSA-4909-1 bind9 - security update
Bulletin has no description...
GO-2021-0063 Nil pointer dereference via malicious RPC message in github.com/ethereum/go-ethereum
Due to a nil pointer dereference, a maliciously crafted RPC message can cause a panic. If handling RPC messages from untrusted clients, this may be used as a denial of service vector...
DLA-2619-1 python3.5 - security update
Bulletin has no description...
CVE-2021-21409
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty io.netty:netty-codec-http2 before version 4.1.61.Final there is a vulnerability that enables request smuggling. The...
DLA-2583-1 activemq - security update
Bulletin has no description...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
DSA-4858-1 chromium - security update
Bulletin has no description...
ALSA-2021:0558 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a use-after-free (CVE-2020-29661); kernel: performance counters race condition use-after-free (CVE-2020-14351); kernel: ICMP rate limiting...
RLSA-2021:0538 Moderate: nss security and bug fix update
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Side channel attack on ECDSA signature generation (CVE-2020-6829); nss: P-384 and P-521 implementation uses a side-channel...
CVE-2019-25017
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversa...
PYSEC-2021-71
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
ALSA-2020:5503 Moderate: mariadb-connector-c security, bug fix, and enhancement update
The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898993) Security Fixes: mysql: C API unspecified vulnerability CPU Apr...
RUSTSEC-2020-0088 MPMCConsumer/Producer allows sending non-Send type across threads
Affected versions of this crate unconditionally implemented Sync and Send traits for MPMCConsumer and MPMCProducer types. This allows users to send types that do not implement Send trait across thread boundaries, which can cause a data race. The flaw was corrected in the 2.0.1 release by adding T...
CVE-2020-28053
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...
RUSTSEC-2020-0081 `mio` invalidly assumes the memory layout of std::net::SocketAddr
The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...
DSA-4777-1 freetype - security update
Bulletin has no description...
CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...
CVE-2020-25791
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit...
ALSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655) Security Fixes: php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039); php: Buffer...
GHSA-RMMC-8CQJ-HFP3 Authentication Bypass in otpauth
Versions of otpauth prior to 3.2.8 are vulnerable to Authentication Bypass. The package's totp.validate function may return positive values for single digit tokens even if they are invalid. This may allow attackers to bypass the OTP authentication by providing single digit tokens. Recommendation...
DSA-4752-1 bind9 - security update
Bulletin has no description...
PYSEC-2020-70
In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk...
ASB-A-157941353
In android_verity_ctr of dm-android-verity.c, there is a possible way to modify a dm-verity protected filesystem due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-153715664
In input_default_setkeycode of input.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-156261521
In DecodeImage of dng_lossless_jpeg.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...
DLA-2247-1 thunderbird - security update
Bulletin has no description...
GHSA-F7HX-FQXW-RVVJ Insufficient output escaping of attachment names in PHPMailer
Impact: CWE-116: Incorrect output escaping. An attachment added like this (note the double quote within the attachment name, which is entirely valid): $mail->addAttachment('/tmp/attachment.tmp', 'filename.html";.jpg'); Will result in a message containing these headers: Content-Type:...
DLA-2217-1 tomcat7 - security update
Bulletin has no description...
DLA-2118-1 otrs2 - security update
Bulletin has no description...
DSA-4632-1 ppp - security update
Bulletin has no description...
CVE-2020-7060
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosur...
DSA-4596-1 tomcat8 - security update
Bulletin has no description...
DSA-4571-1 thunderbird - security update
Bulletin has no description...
DSA-4564-1 linux - security update
Bulletin has no description...
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...
PYSEC-2019-116
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper aka Redis Wrapper before 0.3.0 allows attackers to execute arbitrary scripts...
DSA-4503-1 golang-1.11 - security update
Bulletin has no description...
DSA-4497-1 linux - security update
Bulletin has no description...
DSA-4495-1 linux - security update
Bulletin has no description...