907571 matches found
GHSA-M9CJ-V55F-8X26 Authentication Bypass in keycloak
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application...
DSA-5105-1 bind9 - security update
Bulletin has no description...
GHSA-P9GQ-76FJ-4P4P Missing permission checks in Jenkins Release Helper Plugin
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
DSA-5103-1 openssl - security update
Bulletin has no description...
RLSA-2022:0825 Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel 4.18.0. BZ2036888 Security Fixes: kernel: improper initialization of the "flags" member of the new pipebuffer CVE-2022-0847 kernel: U...
DSA-5097-1 firefox-esr - security update
Bulletin has no description...
GHSA-RV6R-3F5Q-9RGX Twisted SSH client and server deny of service during SSH handshake.
Impact The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as...
CVE-2022-24712 Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web framework. A vulnerability in versions prior to 4.1.9 might allow remote attackers to bypass the CodeIgniter4 Cross-Site Request Forgery CSRF protection mechanism. Users should upgrade to version 4.1.9. There are workarounds for...
DSA-5080-1 snapd - security update
Bulletin has no description...
GHSA-H289-X5WC-XCV8 Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Impact If no TLS configuration is provided by the user, the websocket package constructs its own TLS configuration using recommended defaults. When looking up a WSS endpoint using the DNS TXT record method described in XEP-0156: Discovering Alternative XMPP Connection Methods the ServerName field...
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution...
DLA-2917-1 openjdk-8 - security update
Bulletin has no description...
GHSA-VWXP-9QMF-W299 Cross-site Scripting in LiveHelperChat
LiveHelperChat remdex/livehelperchat in Packagist has a stored Cross-site Scripting XSS vulnerability prior to version 3.93...
GHSA-RRP4-2XX3-MV29 Command injection in gh-ost
Gh-ost version = 1.1.2 allows users to inject DSN strings via the -database parameter. This is a low severity vulnerability as the attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from ho...
CVE-2022-0361 Heap-based Buffer Overflow in vim/vim
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2...
DSA-5055-1 util-linux - security update
Bulletin has no description...
CVE-2021-42392
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...
DLA-2843-1 linux - security update
Bulletin has no description...
CVE-2021-43527
NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...
PYSEC-2021-863
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...
DSA-5009-1 tomcat9 - security update
Bulletin has no description...
GHSA-Q9P4-QFC8-FVPP SQL Injection in medoo
columnQuote in medoo before 1.7.5 allows remote attackers to perform a SQL Injection due to improper escaping...
RLSA-2021:3816 Important: httpd:2.4 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxy: SSRF via a crafted request uri-path containing "unix:" CVE-2021-40438 httpd: modsession: Heap overflow via a crafted SessionHeader value CVE-2021-26691 For more...
CVE-2021-41524
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project...
ASB-A-192605364
In sqlite3Select of select.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-H76R-VGF3-J6W5 October CMS auth bypass and account takeover
Impact An attacker can exploit this vulnerability to bypass authentication using a specially crafted persist cookie. - To exploit this vulnerability, an attacker must obtain a Laravel’s secret key for cookie encryption and signing. - Due to the logic of how this mechanism works, a targeted user...
GHSA-HQ5M-MQMX-FW6M Privilege escalation via form generator
Impact It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Patches Update to Contao 4.4.56, 4.9.18 or 4.11.7. Workarounds Disable the form generator or...
UVI-2021-1001490 atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
atm: nicstar: Fix possible use-after-free in nicstarcleanup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.276 by commit...
GO-2021-0103 Denial of service in github.com/holiman/uint256
Due to improper bounds checking, certain mathematical operations can cause a panic via an out of bounds read. If this package is used to process untrusted user inputs, this may be used as a vector for a denial of service attack...
DLA-2718-1 intel-microcode - security update
Bulletin has no description...
RUSTSEC-2021-0074 Incorrect handling of embedded SVG and MathML leads to mutation XSS
Affected versions of this crate did not account for namespace-related parsing differences between HTML, SVG, and MathML. Even if the svg and math elements are not allowed, the underlying HTML parser still treats them differently. Running cleanup without accounting for these differing namespaces...
ASB-A-174886838
In smpprocesspairingpublickey of smpact.cc, there is a possible interception of Bluetooth pairing from an on-path attacker due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...
OSV-2021-777 Heap-use-after-free in xmlAddNextSibling
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34461 Crash type: Heap-use-after-free READ 4 Crash state: xmlAddNextSibling xmlXIncludeCopyRange xmlXIncludeCopyXPointer...
CVE-2021-29488
SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the filesystem.renamer function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround,...
CVE-2021-22208
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update...
DLA-2650-1 exim4 - security update
Bulletin has no description...
DLA-2647-1 bind9 - security update
Bulletin has no description...
DSA-4892-1 python-bleach - security update
Bulletin has no description...
PYSEC-2021-44
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this...
DLA-2583-1 activemq - security update
Bulletin has no description...
CVE-2021-21307
Lucee Server is a dynamic, Java based JSR-223, tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a...
PYSEC-2021-71
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled...
CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...
CVE-2020-35489
The contact-form-7 aka Contact Form 7 plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters...
RUSTSEC-2020-0089 nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...
DLA-2483-1 linux-4.19 - security update
Bulletin has no description...
GHSA-GVQV-779R-4JGP Use after free in CefSharp
CVE-2020-16017: Use after free in site isolation - https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop11.html - https://vulners.com/cve/CVE-2020-16017 Google is aware of reports that exploits for CVE-2020-16013 and CVE-2020-16017 exist in the wild. There is currently...
RUSTSEC-2020-0149 Data race and memory safety issue in `Index`
The appendix crate implements a key-value mapping data structure called Index that is stored on disk. The crate allows for any type to inhabit the generic K and V type parameters and implements Send and Sync for them unconditionally. Using a type that is not marked as Send or Sync with Index can...
DSA-4777-1 freetype - security update
Bulletin has no description...
PYSEC-2020-110
In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...