908024 matches found
CVE-2023-22102
Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...
ALSA-2023:5711 Moderate: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the securi...
ASB-A-274058082
In androidviewInputDevicecreate of androidviewInputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-3QF9-QXFJ-4WHC Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...
GHSA-FWR2-64VR-XV9M Argo CD cluster secret might leak in cluster details page
Impact Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored inkubectl.kubernetes.io/last-applied-configuration annotation. https://github.com/argoproj/argo-cd/pull/7139 introduced the ability to manage cluster labels and...
CVE-2023-40035 Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable...
DLA-3534-1 rar - security update
Bulletin has no description...
CVE-2023-0872
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
GHSA-VMCH-3W2X-VHGQ .NET Denial of Service Vulnerability
Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do...
PYSEC-2023-144
Cross Site Request Forgery CSRF vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/resetuserpassword.html, templates/user/overview.html, core/views/user.py, and...
ASB-A-264880895
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...
ALSA-2023:4412 Important: openssh security update
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...
CVE-2023-37920 Certifi's removal of e-Tugra root certificate
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted ...
CVE-2023-34967
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol...
GHSA-FXJG-28FM-PFXH Apache Superset Server-Side Request Forgery vulnerability
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
ASB-A-274445194
In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation...
DLA-3462-1 wordpress - security update
Bulletin has no description...
GHSA-Q36X-R5X4-H4Q6 Denial of service via HTTP/2 HEADERS frames padding
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...
CVE-2023-29403
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I...
CVE-2023-28321
An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...
GHSA-J8R2-6X86-Q33Q Unintended leak of Proxy-Authorization header in requests
Impact Since Requests v2.3.0, Requests has been vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuildproxies is used to recompute and reattach the Proxy-Authorization header to...
CVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField only the last uploaded file was validated. However,...
ASB-A-261588851
In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
RLSA-2023:1743 Important: nodejs:14 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 14.21.3. Security Fixes: decode-uri-component: improper input validation resulting i...
ASB-A-262892300
In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
GO-2023-1600 Arbitrary code execution in github.com/kitabisa/teler-waf
Improper handling of payload with special characters, such as CR/LF and horizontal tab, can lead to execution of arbitrary JavaScript code...
GHSA-F598-MFPV-GMFX Sequelize - Default support for “raw attributes” when using parentheses
Impact Sequelize 6.28.2 and prior has a dangerous feature where using parentheses in the attribute option would make Sequelize use the string as-is in the SQL ts User.findAll attributes: 'countid', 'count' ; Produced sql SELECT countid AS "count" FROM "users" Patches This feature was deprecated i...
CVE-2023-22832
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity...
GHSA-V5W6-WCM8-JM4Q openssl-src contains Double free after calling `PEM_read_bio_ex`
The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
GHSA-VRH7-X64V-7VXQ openssl-src contains `NULL` dereference during PKCS7 data verification
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2022-3924
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...
ALSA-2023:0210 Moderate: java-1.8.0-openjdk security and bug fix update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: improper restrictions in CORBA deserialization Serialization, 8285021 CVE-2023-21830 OpenJDK: soundbank URL remote loading Sound, 8293742...
GHSA-8C69-R38J-RPFJ Rancher cattle-token is predictable
Impact An issue was discovered in Rancher versions up to and including 2.6.9 and 2.7.0, where the cattle-token secret, used by the cattle-cluster-agent, is predictable. Even after the token is regenerated, it will have the same value. This issue is not present in Rancher 2.5 releases. The...
GHSA-2PHW-RGR7-5PVH Information Cards Module vulnerable to Cross-site Scripting
A vulnerability was found in Information Cards Module and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is...
DSA-5308-1 webkit2gtk - security update
Bulletin has no description...
GHSA-9CMM-52CV-6HVC Microweber vulnerable to Stored Cross-Site Scripting
Microweber versions 1.3.1 and prior are vulnerable to stored Cross-site Scripting XSS. A patch is available on the 1.4, dev, and laravel-sail branches...
GHSA-755V-R4X4-QF7M Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Summary A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including the latest release 16.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the groups' dropdown...
ALSA-2022:7954 Moderate: podman security and bug fix update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension...
CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability...
CVE-2022-44793
handleipv6IpForwarding in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
CVE-2022-3647
DISPUTED A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitabili...
CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
CVE-2022-35982 Segfault in `SparseBincount` in TensorFlow
TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and denseshape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
ALSA-2022:6358 Important: open-vm-tools security update
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines. Security Fixes: open-vm-tools: local root privilege escalation in the virtual...
GO-2022-0533 Path traversal via Clean on Windows in path/filepath
On Windows, the filepath.Clean function can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. For example, Clean".\c:" returns "c:"...
GO-2022-0316 Incorrect calculation in github.com/open-policy-agent/opa
Pretty-printing an AST that contains synthetic nodes can change the logic of some statements by reordering array literals...
RLSA-2022:5696 Important: java-1.8.0-openjdk security, bug fix, and enhancement update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. The following packages have been upgraded to a later upstream version: java-1.8.0-openjdk 1.8.0.342.b07. BZ2084648 Security Fixes: OpenJDK: integer truncation issue in...
GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang
The Prometheus clientgolang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...
DSA-5184-1 xen - security update
Bulletin has no description...
CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...