907363 matches found
GO-2022-0213 Panic on invalid DSA public keys in crypto/dsa
Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server tha...
GHSA-G6MC-8679-GHX9 ChakraCore RCE Vulnerability
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767...
GHSA-R4MW-GXF7-VXR9 Remote code execution in Microsoft.WindowsDesktop.App.Ref
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'...
GHSA-R34V-GQMW-QVGJ Podman Symlink Vulnerability
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a...
RUSTSEC-2022-0030 Stack overflow during recursive expression parsing
When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. The flaw was corrected in commits 60aa2dc03a by adding a check ...
GO-2022-0289 Misdirected I/O in syscall
When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec including indirectly by using the os/exec package, syscall.ForkExec can close file descriptor 0 as it fails. If this happens or can be provoked repeatedly, it can result in misdirected I/O such as...
GHSA-RVQ6-MRPV-M6RM Code Injection in Django
The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path."...
DSA-5139-1 openssl - security update
Bulletin has no description...
GHSA-9X97-X2P9-HVPF Fileutils Command Injection vulnerability
Ruby Gem Fileutils prior to v0.7.1 contains a Command Injection vulnerability in user supplied url variable that is passed to the shell...
GHSA-PJQH-2JCC-5J84 Improper Authentication in Pivotal Spring-LDAP
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting...
RLSA-2022:2200 Important: .NET 5.0 security, bug fix, and enhancement update
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core...
ALSA-2022:1777 Moderate: webkit2gtk3 security, bug fix, and enhancement update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 2.34.6. BZ1985042 Security Fixes: webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use...
ALSA-2022:1764 Moderate: python38:3.8 and python38-devel:3.8 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following...
DSA-5133-1 qemu - security update
Bulletin has no description...
CVE-2022-29173 No protection against rollback attacks in go-tuf
go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...
DLA-2993-1 libz-mingw-w64 - security update
Bulletin has no description...
CVE-2022-1292
The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the...
CVE-2022-1343
The function OCSPbasicverify verifies the signer certificate on an OCSP response. In the case where the non-default flag OCSPNOCHECKS is used then the response will be positive meaning a successful verification even in the case where the response signing certificate fails to verify. It is...
GHSA-MPG6-RGP4-35RR Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service daemon outage by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different...
GHSA-MM33-5VFQ-3MM3 Cross-site Scripting Vulnerability in Action Pack
There is a possible XSS vulnerability in Rails / Action Pack. This vulnerability has been assigned the CVE identifier CVE-2022-22577. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1 Impact CSP headers were only sent along with responses that Rails...
PYSEC-2022-197
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns bytes generates bytecode which does not clamp bytes length, potentially resulting in a...
DLA-2977-1 xz-utils - security update
Bulletin has no description...
DSA-5115-1 webkit2gtk - security update
Bulletin has no description...
CVE-2022-26359
IOMMU: RMRR VT-d and unity map AMD-Vi handling issues This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region...
DLA-2970-1 qemu - security update
Bulletin has no description...
GHSA-G397-V4W5-4M79 Command injection in cocoapods-downloader
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
DLA-2968-1 zlib - security update
Bulletin has no description...
DSA-5110-1 chromium - security update
Bulletin has no description...
ALSA-2022:1049 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2022-22720 For more details about the security issues, including the impact, a CV...
GHSA-M9CJ-V55F-8X26 Authentication Bypass in keycloak
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...
DSA-5105-1 bind9 - security update
Bulletin has no description...
GHSA-P9GQ-76FJ-4P4P Missing permission checks in Jenkins Release Helper Plugin
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
DSA-5103-1 openssl - security update
Bulletin has no description...
RLSA-2022:0825 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. BZ2036888 Security Fixes: kernel: improper initialization of the "flags" member of the new pipebuffer CVE-2022-0847 kernel: U...
DSA-5097-1 firefox-esr - security update
Bulletin has no description...
GHSA-RV6R-3F5Q-9RGX Twisted SSH client and server deny of service during SSH handshake.
Impact The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...
CVE-2022-24712 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...
DSA-5080-1 snapd - security update
Bulletin has no description...
GHSA-H289-X5WC-XCV8 Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Impact If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults. When looking up a WSS endpoint using the DNS TXT record method described in XEP-0156: Discovering Alternative XMPP Connection Methods the ServerName field...
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
DLA-2917-1 openjdk-8 - security update
Bulletin has no description...
GHSA-VWXP-9QMF-W299 Cross-site Scripting in LiveHelperChat
LiveHelperChat remdex/livehelperchat in Packagist has a stored Cross-site Scripting XSS vulnerability prior to version 3.93...
GHSA-RRP4-2XX3-MV29 Command injection in gh-ost
Gh-ost version = 1.1.2 allows users to inject DSN strings via the -database parameter. This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from ho...
CVE-2022-0361 Heap-based Buffer Overflow in vim/vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...
DSA-5058-1 openjdk-17 - security update
Bulletin has no description...
DSA-5055-1 util-linux - security update
Bulletin has no description...
GHSA-6R92-CGXC-R5FG Denial of service in CBOR library
Impact Due to this library's use of an inefficient algorithm, it is vulnerable to a denial of service attack when a maliciously crafted input is passed to DecodeFromBytes or other CBOR decoding mechanisms in this library. Affected versions include versions 4.0.0 through 4.5.0. This vulnerability...
CVE-2021-42392
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...
CVE-2021-44732
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure...
DLA-2843-1 linux - security update
Bulletin has no description...