907959 matches found
DSA-5162-1 containerd - security update
Bulletin has no description...
DSA-4942-1 systemd - security update
Bulletin has no description...
CVE-2020-25685
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...
DLA-841-1 apache2 - security update
Bulletin has no description...
BIT-GITLAB-2025-2408 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions users could bypass IP access restrictions and view sensitive information...
BIT-REDIS-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...
BIT-GITLAB-2024-5067 Exposure of Sensitive Information to an Unauthorized Actor in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.0.5, starting from 17.1 prior to 17.1.3, and starting from 17.2 prior to 17.2.1 where certain project-level analytics settings could be leaked in DOM to group members with Developer or higher roles...
GHSA-W3H3-4RJ7-4PH4 Request smuggling leading to endpoint restriction bypass in Gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...
BIT-APACHE-2021-39275 ap_escape_quotes buffer overflow
apescapequotes may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier...
OSV-2022-785 Heap-buffer-overflow in resize_packet
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50617 Crash type: Heap-buffer-overflow WRITE Crash state: resizepacket FuzzResizePacket fuzzrfc1035.c...
OSV-2021-677 Heap-buffer-overflow in grk::FileFormatDecompress::apply_palette_clr
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544 Crash type: Heap-buffer-overflow WRITE 16 Crash state: grk::FileFormatDecompress::applypaletteclr grk::FileFormatDecompress::applyColour grkdecompressfuzzer.cpp...
BIT-GITLAB-2024-6446 Business Logic Errors in GitLab
An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application...
CVE-2024-1143
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting XSS, which could allow for the leakage of user sessions and subsequent authentication bypass...
CVE-2024-24566 Lobe Chat unauthorized access to plugins
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected deployed with the ACCESSCODE option, it is possible to access plugins without proper authorization without password. This vulnerabili...
GHSA-9MH8-9J64-443F HashiCorp Vault's revocation list not respected
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and...
GHSA-5F37-GXVH-23V6 Remote code execution in PHPMailer
Impact The mailSend function in the default isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double quote in a crafted Sender property. Patches Fixed in 5.2.18 Workaround...
CVE-2025-43965
In MIFF image processing in ImageMagick before 7.1.1-44, image depth is mishandled after SetQuantumFormat is used...
BIT-GITLAB-2024-0231 Improper Control of Resource Identifiers ('Resource Injection') in GitLab
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
GHSA-J6PX-JWVV-VPWQ Angular Expressions - Remote Code Execution
Impact The vulnerability, reported by GoSecure Inc, allows Remote Code Execution, if you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input. This time, the security of the package could be bypassed by using a more complex payload, using a...
CVE-2024-2880 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with admingroupmember custom role permission could ban group members...
CVE-2024-5470 Improper Access Control in GitLab
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.0.4 and from 17.1 prior to 17.1.2 where a Guest user with adminpushrules permission may have been able to create project-level deploy tokens...
DSA-5388-1 haproxy - security update
Bulletin has no description...
GHSA-QMMC-JPPF-32WV Directory Traversal in Docker
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a 1 "docker load" operation or 2 "registry communications."...
DLA-2557-1 linux-4.19 - security update
Bulletin has no description...
CVE-2022-47111
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected...
BIT-GITLAB-2020-10082
GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered...
GHSA-WMG5-G953-QQFW Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
When using the Vault and Vault Enterprise Vault approle auth method, any authenticated user with access to the /auth/approle/role/:rolename/secret-id-accessor/destroy endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999, has...
GHSA-32GV-6CF3-WCMQ HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Impact Twisted web servers that utilize the optional HTTP/2 support suffer from the following flow-control related vulnerabilities: Ping flood: https://vulners.com/cve/CVE-2019-9512 Reset flood: https://vulners.com/cve/CVE-2019-9514 Settings flood: https://vulners.com/cve/CVE-2019-9515 A Twisted...
GHSA-XG6R-5GX4-QXJM invoiceninja is vulnerable to Cross-site Scripting
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
BIT-GRAFANA-2023-5122 SSRF in CSV Datasource Plugin
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from a remote endpoint configured by an administrator. If this plugin was configured to send requests t...
BIT-GITLAB-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...
RUSTSEC-2024-0332 Degradation of service in h2 servers with CONTINUATION Flood
An attacker can send a flood of CONTINUATION frames, causing h2 to process them indefinitely. This results in an increase in CPU usage. Tokio task budget helps prevent this from a complete denial-of-service, as the server can still respond to legitimate requests, albeit with increased latency. Mo...
CVE-2024-24754 Bref Body Parsing Inconsistency in Event-Driven Functions
Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content...
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...
CVE-2022-41903 Integer overflow in `git archive`, `git log --format` leading to RCE in git
Git is distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst gitattribute. When processing the padding operators, there is a integer overflow in...
ASB-A-137284057
In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
GHSA-7V35-QWWJ-P98G Improper Restriction of XML External Entity Reference in DiffPlug Spotless
In DiffPlug Spotless before 1.20.0 library and Maven plugin and before 3.20.0 Gradle plugin, the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a...
CVE-2025-46393
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...
BIT-GITLAB-2024-12380 Generation of Error Message Containing Sensitive Information in GitLab
An issue was discovered in GitLab EE/CE affecting all versions starting from 11.5 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Certain user inputs in repository mirroring settings could potentially expose sensitive authentication...
MAL-2022-7286 Malicious code in xnxx-dl-wa-bot (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0ae97fc6d17d4a931da57669f1fc5dcd02644f5a8c9c0f8d9a416f741c15368a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-6XXJ-GCJQ-WGF4 SQL injection in prestashop/prestashop
Impact Blind SQLi using Search filters with orderBy and sortOrder parameters Patches The problem is fixed in 1.7.8.2...
MAL-2025-6022 Malicious code in eslint-config-prettier (npm)
This package installs a windows based malware file node-gyp.dll via install.js...
BIT-GITLAB-2025-0290 Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 prior to 17.5.5, from 17.6 prior to 17.6.3, and from 17.7 prior to 17.7.1. Under certain conditions, processing of CI artifacts metadata could cause background jobs to become unresponsive...
BIT-PYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extragroups= parameter with an empty list as a value ie extragroups= the logic regressed to not call setgroups0, NULL before...
GO-2024-3023 Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server
Mattermost allows remote actor to create/update/delete posts in arbitrary channels in github.com/mattermost/mattermost-server...
PSF-2023-2 Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...
DLA-3309-1 graphite-web - security update
Bulletin has no description...
GHSA-XHFC-GR8F-FFWC Denial of service in ASP.NET Core
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981...
GHSA-3GG9-F3VH-866F Improper Certificate Validation in Graylog
Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. It allows use of an external user/group database stored in LDAP. The connection configuration allows the usage of unencrypted, SSL- or TLS-secured connections. Unfortunately, the Graylog client code in all versions that suppo...
DSA-3092-1 icedove - security update
Bulletin has no description...