908024 matches found
DLA-2970-1 qemu - security update
Bulletin has no description...
DLA-2968-1 zlib - security update
Bulletin has no description...
ASB-A-205836329
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed...
CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier...
CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
GHSA-7F63-H6G3-7CWM Cross Site Scripting (XSS) in @finastra/ssr-pages
A cross site scripting XSS issue can occur when providing untrusted input to the redirect.link property as an argument to the buildMessagePageOptions function. References - https://github.com/Finastra/ssr-pages/pull/2 -...
DSA-5058-1 openjdk-17 - security update
Bulletin has no description...
DLA-2898-1 nss - security update
Bulletin has no description...
GHSA-6R92-CGXC-R5FG Denial of service in CBOR library
Impact Due to this library's use of an inefficient algorithm, it is vulnerable to a denial of service attack when a maliciously crafted input is passed to DecodeFromBytes or other CBOR decoding mechanisms in this library. Affected versions include versions 4.0.0 through 4.5.0. This vulnerability...
DSA-5044-1 firefox-esr - security update
Bulletin has no description...
CVE-2021-44732
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtlssslsetsession failure...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
DLA-2843-1 linux - security update
Bulletin has no description...
PYSEC-2021-851
Flask-AppBuilder is a development framework built on top of Flask. Verions prior to 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected RE...
DLA-2817-1 postgresql-9.6 - security update
Bulletin has no description...
ALBA-2021:4604 httpd:2.4 bug fix update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Bug Fixes: proxy rewrite to unix socket fails with CVE-2021-40438 fix BZ2017854, BZ2017855, BZ2017856...
ALSA-2021:4537 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in AlmaLinux CVE-2021-20325 For more details about the security issues, including the impact, a CVSS score,...
ALSA-2021:4213 Moderate: php:7.4 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.19. BZ1944110 Security Fixes: php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV CVE-2020-7069 php: FILTERVALIDATEURL...
ALSA-2021:4156 Moderate: go-toolset:rhel8 security, bug fix, and enhancement update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The following packages have been upgraded to a later upstream version: golang 1.16.7. BZ1938071 Security Fixes: golang: net: lookup functions may return invalid host names CVE-2021-33195...
ALSA-2021:4154 Moderate: container-tools:rhel8 security, bug fix, and enhancement update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: buildah: Host environment variables leaked in build container when using chroot isolation CVE-2021-3602 containers/storage: DoS via malicious image CVE-2021-20291 For...
GHSA-Q9P4-QFC8-FVPP SQL Injection in medoo
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...
DLA-2785-1 linux-4.19 - security update
Bulletin has no description...
CVE-2021-32626
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...
CVE-2021-23436
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition p === "proto" || p === "constructor" in applyPatches...
GHSA-H76R-VGF3-J6W5 October CMS auth bypass and account takeover
Impact An attacker can exploit this vulnerability to bypass authentication using a specially crafted persist cookie. - To exploit this vulnerability, an attacker must obtain a Laravel’s secret key for cookie encryption and signing. - Due to the logic of how this mechanism works, a targeted user...
RUSTSEC-2021-0098 Read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL 0 byt...
DSA-4958-1 exiv2 - security update
Bulletin has no description...
GHSA-HWFP-HG2M-9VR2 Integer overflow in pywin32
An integer overflow exists in pywin32 prior to version b301 when adding an access control entry ACE to an access control list ACL that would cause the size to be greater than 65535 bytes. An attacker who successfully exploited this vulnerability could crash the vulnerable process...
GHSA-RR6V-H7M8-WC9F Cross-site Scripting in Froala WYSIWYG Editor
Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing...
DSA-4939-1 firefox-esr - security update
Bulletin has no description...
CVE-2021-28693
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules e.g. kernel, initramfs... in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the...
UVI-2021-1001090 net: bridge: fix vlan tunnel dst refcnt when egressing
net: bridge: fix vlan tunnel dst refcnt when egressing This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.13 by commit...
GHSA-7JR6-PRV4-5WF5 Duplicate Advisory: Helm passes repository credentials to alternate domain
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-56hp-xqp3-w2jf. This link is maintained to preserve external references. Original Description Helm is a tool for managing Charts packages of pre-configured Kubernetes resources. In versions of helm prior to 3.6....
ASB-A-174886838
In smpprocesspairingpublickey of smpact.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...
OSV-2021-777 Heap-use-after-free in xmlAddNextSibling
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461 Crash type: Heap-use-after-free READ 4 Crash state: xmlAddNextSibling xmlXIncludeCopyRange xmlXIncludeCopyXPointer...
RLSA-2021:1581 Moderate: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
CVE-2021-29488
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround,...
CVE-2021-22208
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update...
DLA-2650-1 exim4 - security update
Bulletin has no description...
GO-2021-0063 Nil pointer dereference via malicious RPC message in github.com/ethereum/go-ethereum
Due to a nil pointer dereference, a maliciously crafted RPC message can cause a panic. If handling RPC messages from untrusted clients, this may be used as a denial of service vector...
DLA-2619-1 python3.5 - security update
Bulletin has no description...
DLA-2583-1 activemq - security update
Bulletin has no description...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
ALSA-2021:0558 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: locking issue in drivers/tty/ttyjobctrl.c can lead to an use-after-free CVE-2020-29661 kernel: performance counters race condition use-after-free CVE-2020-14351 kernel: ICMP rate limiting...
RLSA-2021:0538 Moderate: nss security and bug fix update
Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fixes: nss: Side channel attack on ECDSA signature generation CVE-2020-6829 nss: P-384 and P-521 implementation uses a side-channel...
PYSEC-2021-71
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
ALSA-2020:5503 Moderate: mariadb-connector-c security, bug fix, and enhancement update
The MariaDB Native Client library C driver is used to connect applications developed in C/C++ to MariaDB and MySQL databases. The following packages have been upgraded to a later upstream version: mariadb-connector-c 3.1.11. BZ1898993 Security Fixes: mysql: C API unspecified vulnerability CPU Apr...
CVE-2020-28053
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...
DSA-4777-1 freetype - security update
Bulletin has no description...
CVE-2020-25791
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit...